CVE-2017-20214

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://cxsecurity.com/issue/WLB-2017090205
https://packetstormsecurity.com/files/144324
https://web.archive.org/web/20171011125811/https://www.flir.com/security/blog/details/?ID=87043
https://www.exploit-db.com/exploits/42787/
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5436.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5436.php

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) La versión de firmware 8.0.0.64 de la cámara térmica FLIR F/FC/PT/D contiene credenciales SSH codificadas de forma rígida que no se pueden cambiar a través de las operaciones normales de la cámara. Los atacantes pueden aprovechar estas credenciales persistentes e inmodificables para obtener acceso remoto no autorizado al sistema de la cámara térmica.

08 Jan 2026, 19:15

Type	Values Removed	Values Added
References	~~() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5436.php -~~	() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5436.php -

08 Jan 2026, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-08 00:15

Updated : 2026-04-15 00:35

NVD link : CVE-2017-20214

Mitre link : CVE-2017-20214

CVE.ORG link : CVE-2017-20214

JSON object : View

Products Affected

No product.

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2017-20214", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-08T00:15:56.513", "references": [{"url": "https://cxsecurity.com/issue/WLB-2017090205", "source": "disclosure@vulncheck.com"}, {"url": "https://packetstormsecurity.com/files/144324", "source": "disclosure@vulncheck.com"}, {"url": "https://web.archive.org/web/20171011125811/https://www.flir.com/security/blog/details/?ID=87043", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/42787/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5436.php", "source": "disclosure@vulncheck.com"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5436.php", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system."}, {"lang": "es", "value": "La versi\u00f3n de firmware 8.0.0.64 de la c\u00e1mara t\u00e9rmica FLIR F/FC/PT/D contiene credenciales SSH codificadas de forma r\u00edgida que no se pueden cambiar a trav\u00e9s de las operaciones normales de la c\u00e1mara. Los atacantes pueden aprovechar estas credenciales persistentes e inmodificables para obtener acceso remoto no autorizado al sistema de la c\u00e1mara t\u00e9rmica."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "disclosure@vulncheck.com"}