CVE-2018-25139

HIGH

FLIR AX8 Thermal Camera <1.32.16 - Info Disclosure

Title source: llm

Description

FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/45606

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/45606

[Product] https://www.flir.com

[Exploit, Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5492.php

Scores

CVSS v3 7.5

EPSS 0.0019

EPSS Percentile 40.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-306

Status published

Affected Products (2)

flir/flir_ax8_firmware

flir/flir_ax8_firmware

Timeline

Published Dec 24, 2025

Tracked Since Feb 18, 2026