CVE-2017-20212 in Thermal Camera F
Summary
by MITRE • 01/08/2026
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile() function to access local system files without authentication.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 01/08/2026
The FLIR Thermal Camera F/FC/PT/D series represents a critical class of industrial security devices used for thermal imaging and surveillance applications in various enterprise environments. These devices operate as network-connected systems that process and transmit sensitive thermal data, making them attractive targets for cyber adversaries seeking unauthorized access to operational infrastructure. The firmware version 8.0.0.64 contains a significant information disclosure vulnerability that fundamentally compromises the security posture of these devices. This vulnerability resides within the web application interface that manages device configuration and data access through the xml.php endpoint, creating a direct pathway for attackers to bypass authentication mechanisms and access critical system resources.
The technical flaw manifests through the unverified input parameters within the readFile() function of the xml.php controller, which processes requests to retrieve and display system data. This implementation lacks proper input validation and sanitization, allowing attackers to manipulate file path parameters to traverse the filesystem and access arbitrary files on the device. The vulnerability specifically targets the /var/www/data/controllers/api/xml.php endpoint where the readFile() function processes user-supplied input without adequate authorization checks or path validation. This design flaw enables attackers to specify any file path within the device's filesystem, potentially exposing sensitive configuration files, authentication credentials, system logs, and other critical operational data.
The operational impact of this vulnerability extends beyond simple information disclosure, as it provides attackers with comprehensive access to the device's internal filesystem structure. An unauthenticated attacker can exploit this vulnerability to read system configuration files that may contain network settings, user credentials, or device-specific parameters that could be leveraged for further exploitation. The ability to access local system files without authentication creates a significant risk for organizations relying on these thermal cameras for security monitoring, as attackers could potentially extract device serial numbers, firmware versions, or other identifying information that could be used for targeted attacks against specific device models. This vulnerability undermines the fundamental security assumptions of the device's network interface and compromises the integrity of the overall security infrastructure.
Mitigation strategies for this vulnerability require immediate attention from system administrators and security teams responsible for FLIR Thermal Camera deployments. The most effective immediate solution involves applying the vendor-provided firmware update that addresses the input validation flaw in the xml.php endpoint. Organizations should implement network segmentation and access controls to limit exposure of these devices to untrusted networks, utilizing firewalls and access control lists to restrict access to the device management interfaces. Additionally, monitoring network traffic for suspicious requests to the xml.php endpoint can help detect exploitation attempts. According to CWE standards, this vulnerability aligns with CWE-22 Path Traversal and CWE-200 Information Exposure, while the ATT&CK framework categorizes this as a technique for Credential Access and Defense Evasion through exploitation of unpatched web application vulnerabilities. Regular security assessments and vulnerability scanning should be implemented to identify similar flaws in other network-connected devices within the organization's infrastructure.