CVE-2018-25141

HIGH

FLIR thermal traffic cameras - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25141. PoCs published by LiquidWorm.

AI-analyzed exploit summary This is a writeup describing an unauthenticated RTSP stream disclosure vulnerability in FLIR thermal traffic cameras. It provides URLs to access live video streams without authentication.

Description

FLIR thermal traffic cameras contain an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve video streams by accessing specific endpoints like /live.mjpeg, /snapshot.jpg, and RTSP streaming URLs without authentication.

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/45537

View Code ZIP pw:eip

This is a writeup describing an unauthenticated RTSP stream disclosure vulnerability in FLIR thermal traffic cameras. It provides URLs to access live video streams without authentication.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: FLIR Thermal Traffic Cameras (multiple firmware versions)

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK

T1082 - System Information Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/45537

Various Sources product

https://www.flir.com

Third Party Advisory third-party-advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5489.php

Scores

CVSS v3 7.5

EPSS 0.0041

EPSS Percentile 32.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-306

Status published

Products (1)

FLIR/FLIR Thermal Traffic Cameras 1.01-0bb5b27

Published Dec 24, 2025

Tracked Since Feb 18, 2026