CVE-2018-25136

HIGH

FLIR Brickstream 3D+ <2.1.742.1842 - Info Disclosure

Title source: llm

Description

FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can retrieve video stream images by directly accessing multiple image endpoints like middleImage.jpg, rightimage.jpg, and leftimage.jpg.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/45607

View Code ZIP pw:eip

References (3)

[Various Sources] http://www.brickstream.com

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/45607

[Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5496.php

Scores

CVSS v3 7.5

EPSS 0.0006

EPSS Percentile 18.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-306

Status draft

Timeline

Published Dec 24, 2025

Tracked Since Feb 18, 2026