CVE-2017-20214

HIGH

FLIR Thermal Camera F/FC/PT/D 8.0.0.64 - Use of Hard-coded Credentials

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-20214. PoCs published by LiquidWorm.

AI-analyzed exploit summary This document describes hard-coded SSH credentials in FLIR Systems' thermal cameras, which cannot be changed by end-users. It lists multiple affected firmware and software versions along with the credentials.

Description

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system.

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textremotehardware

https://www.exploit-db.com/exploits/42787

View Code ZIP pw:eip

This document describes hard-coded SSH credentials in FLIR Systems' thermal cameras, which cannot be changed by end-users. It lists multiple affected firmware and software versions along with the credentials.

Classification

Writeup 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: FLIR Systems Thermal Camera (F/FC/PT/D Series) with firmware versions 8.0.0.64 and software versions 10.0.2.43

No auth needed

Prerequisites: knowledge of hard-coded credentials

MITRE ATT&CK

T1078 - Valid Accounts

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/42787/

Issue Tracking third-party-advisory

https://cxsecurity.com/issue/WLB-2017090205

Various Sources vendor-advisory patch

https://web.archive.org/web/20171011125811/https://www.flir.com/security/blog/details/?ID=87043

Exploit, Third Party Advisory exploit

https://packetstormsecurity.com/files/144324

Third Party Advisory third-party-advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5436.php

Scores

CVSS v3 7.5

EPSS 0.0028

EPSS Percentile 19.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-798

Status published

Products (1)

FLIR Systems, Inc./FLIR Thermal Camera F/FC/PT/D 8.0.0.64

Published Jan 08, 2026

Tracked Since Feb 18, 2026