CVE-2018-25141

HIGH

FLIR thermal traffic cameras - Info Disclosure

Title source: llm

Description

FLIR thermal traffic cameras contain an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve video streams by accessing specific endpoints like /live.mjpeg, /snapshot.jpg, and RTSP streaming URLs without authentication.

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/45537

View Code ZIP pw:eip

References (3)

[Various Sources] https://www.flir.com

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/45537

[Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5489.php

Scores

CVSS v3 7.5

EPSS 0.0016

EPSS Percentile 37.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-306

Status draft

Timeline

Published Dec 24, 2025

Tracked Since Feb 18, 2026