CVE-2017-20215

HIGH

FLIR Thermal Camera FC-S/PT <8.0.0.64 - Command Injection

Title source: llm

Description

FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. Authenticated attackers can inject arbitrary shell commands through unvalidated input parameters to gain complete control of the thermal camera system.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/42788

View Code ZIP pw:eip

References (5)

Core 5

Core References

Third Party Advisory third-party-advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5437.php

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/42788/

Issue Tracking third-party-advisory

https://cxsecurity.com/issue/WLB-2017090207

Various Sources vendor-advisory patch

https://web.archive.org/web/20171011125811/https://www.flir.com/security/blog/details/?ID=87043

Exploit, Third Party Advisory exploit

https://packetstormsecurity.com/files/144325

Scores

CVSS v3 8.8

EPSS 0.0045

EPSS Percentile 63.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (1)

FLIR Systems, Inc./FLIR Thermal Camera FC-S/PT 8.0.0.64

Published Jan 08, 2026

Tracked Since Feb 18, 2026