CVE-2017-20213

HIGH EPSS 33.9%

Published Jan 8, 20265mo ago · Modified Jun 17, 20261w ago

8.7 CVSS 4.0

High

Published Jan 8, 2026 5mo ago

Last Modified Jun 17, 2026 1w ago

Description

FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can exploit the vulnerability to view unauthorized thermal camera video feeds across multiple camera series without requiring any authentication.

CVSS Details

Base Score

8.7

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

33.9% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-306 Missing Authentication for Critical Function Authentication

References 5

cxsecurity.com https://cxsecurity.com/issue/WLB-2017090204
packetstormsecurity.com https://packetstormsecurity.com/files/144323
web.archive.org https://web.archive.org/web/20171011125811/https://www.flir.com/security/blog/details/?ID=87043
exploit-db.com https://www.exploit-db.com/exploits/42789/
zeroscience.mk https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5435.php

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.