CVE-2017-20215

HIGH

FLIR Thermal Camera FC-S/PT <8.0.0.64 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-20215. PoCs published by LiquidWorm.

AI-analyzed exploit summary This PoC demonstrates an authenticated OS command injection vulnerability in FLIR FC-S/PT series thermal cameras. The exploit injects a command via the DNS server configuration parameter, executing arbitrary shell commands as root.

Description

FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. Authenticated attackers can inject arbitrary shell commands through unvalidated input parameters to gain complete control of the thermal camera system.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/42788

View Code ZIP pw:eip

This PoC demonstrates an authenticated OS command injection vulnerability in FLIR FC-S/PT series thermal cameras. The exploit injects a command via the DNS server configuration parameter, executing arbitrary shell commands as root.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: FLIR FC-S/PT Series (Firmware 8.0.0.64, Software 10.0.2.43)

Auth required

Prerequisites: Authenticated session (PHPSESSID cookie) · Network access to the target device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1202 - Indirect Command Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory third-party-advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5437.php

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/42788/

Issue Tracking third-party-advisory

https://cxsecurity.com/issue/WLB-2017090207

Various Sources vendor-advisory patch

https://web.archive.org/web/20171011125811/https://www.flir.com/security/blog/details/?ID=87043

Exploit, Third Party Advisory exploit

https://packetstormsecurity.com/files/144325

Scores

CVSS v3 8.8

EPSS 0.1399

EPSS Percentile 96.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (1)

FLIR Systems, Inc./FLIR Thermal Camera FC-S/PT 8.0.0.64

Published Jan 08, 2026

Tracked Since Feb 18, 2026