CVE-2017-20214

HIGH

FLIR Thermal Camera - Auth Bypass

Title source: llm

Description

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system.

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textremotehardware

https://www.exploit-db.com/exploits/42787

View Code ZIP pw:eip

References (5)

[Various Sources] https://web.archive.org/web/20171011125811/https://www.flir.com/security/blog/details/?ID=87043

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/42787/

[Issue Tracking] https://cxsecurity.com/issue/WLB-2017090205

[Exploit, Third Party Advisory] https://packetstormsecurity.com/files/144324

[Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5436.php

Scores

CVSS v3 7.5

EPSS 0.0005

EPSS Percentile 14.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-798

Status draft

Timeline

Published Jan 08, 2026

Tracked Since Feb 18, 2026