CVE-2017-20213

FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can exploit the vulnerability to view unauthorized thermal camera video feeds across multiple camera series without requiring any authentication.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://cxsecurity.com/issue/WLB-2017090204
https://packetstormsecurity.com/files/144323
https://web.archive.org/web/20171011125811/https://www.flir.com/security/blog/details/?ID=87043
https://www.exploit-db.com/exploits/42789/
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5435.php
https://cxsecurity.com/issue/WLB-2017090204
https://www.exploit-db.com/exploits/42789/
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5435.php

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) El firmware versión 8.0.0.64 de las cámaras térmicas FLIR F/FC/PT/D Stream contiene una vulnerabilidad no autenticada que permite a atacantes remotos acceder a transmisiones de cámara en vivo sin credenciales. Los atacantes pueden explotar la vulnerabilidad para ver transmisiones de video no autorizadas de cámaras térmicas en múltiples series de cámaras sin requerir ninguna autenticación.

08 Jan 2026, 19:15

Type	Values Removed	Values Added
References	~~() https://cxsecurity.com/issue/WLB-2017090204 -~~	() https://cxsecurity.com/issue/WLB-2017090204 -
References	~~() https://www.exploit-db.com/exploits/42789/ -~~	() https://www.exploit-db.com/exploits/42789/ -
References	~~() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5435.php -~~	() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5435.php -

08 Jan 2026, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-08 00:15

Updated : 2026-06-17 01:15

NVD link : CVE-2017-20213

Mitre link : CVE-2017-20213

CVE.ORG link : CVE-2017-20213

JSON object : View

Products Affected

No product.

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2017-20213", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2017-20213", "role": "CISA Coordinator", "options": [{"exploitation": "poc"}, {"automatable": "yes"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-08T15:08:30.505192Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "disclosure@vulncheck.com", "affectedData": [{"vendor": "FLIR Systems, Inc.", "product": "FLIR Thermal Camera F/FC/PT/D Stream", "versions": [{"status": "affected", "version": "8.0.0.64"}]}]}], "published": "2026-01-08T00:15:56.343", "references": [{"url": "https://cxsecurity.com/issue/WLB-2017090204", "source": "disclosure@vulncheck.com"}, {"url": "https://packetstormsecurity.com/files/144323", "source": "disclosure@vulncheck.com"}, {"url": "https://web.archive.org/web/20171011125811/https://www.flir.com/security/blog/details/?ID=87043", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/42789/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5435.php", "source": "disclosure@vulncheck.com"}, {"url": "https://cxsecurity.com/issue/WLB-2017090204", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://www.exploit-db.com/exploits/42789/", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5435.php", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can exploit the vulnerability to view unauthorized thermal camera video feeds across multiple camera series without requiring any authentication."}, {"lang": "es", "value": "El firmware versi\u00f3n 8.0.0.64 de las c\u00e1maras t\u00e9rmicas FLIR F/FC/PT/D Stream contiene una vulnerabilidad no autenticada que permite a atacantes remotos acceder a transmisiones de c\u00e1mara en vivo sin credenciales. Los atacantes pueden explotar la vulnerabilidad para ver transmisiones de video no autorizadas de c\u00e1maras t\u00e9rmicas en m\u00faltiples series de c\u00e1maras sin requerir ninguna autenticaci\u00f3n."}], "lastModified": "2026-06-17T01:15:25.510", "sourceIdentifier": "disclosure@vulncheck.com"}