CVE-2017-20213 in Thermal Camera F
Summary
by MITRE • 01/08/2026
FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can exploit the vulnerability to view unauthorized thermal camera video feeds across multiple camera series without requiring any authentication.
Analysis
by VulDB Data Team • 01/08/2026
This vulnerability exists within the FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 where the device fails to implement proper authentication mechanisms for accessing live video streams. The flaw represents a critical security weakness that allows any remote attacker to gain unauthorized access to thermal imaging feeds without requiring valid credentials or authentication. The vulnerability specifically affects multiple camera series within the FLIR product line, creating a widespread security risk across various thermal imaging deployments.
The technical implementation of this vulnerability stems from the absence of authentication checks within the streaming protocol handlers. According to CWE-287, this represents an improper authentication issue where the system fails to properly verify the identity of users attempting to access protected resources. The flaw allows attackers to directly access the video stream endpoints without presenting any credentials, effectively bypassing the security controls that should normally protect sensitive thermal imaging data. This unauthenticated access creates a persistent threat vector that remains active until the firmware is updated or the device is physically secured.
The operational impact of this vulnerability extends far beyond simple unauthorized access to video feeds. Attackers can potentially gather sensitive thermal imaging data that may reveal critical infrastructure layouts, personnel movements, or security vulnerabilities in protected facilities. The remote nature of the exploit means that attackers can access these feeds from anywhere with internet connectivity, eliminating the need for physical presence or local network access. This vulnerability directly aligns with ATT&CK technique T1046 which involves discovery of network services and T1071 which covers application layer protocol usage, as attackers can leverage the streaming protocols to access sensitive data without proper authorization.
Organizations utilizing FLIR thermal cameras in security, industrial, or critical infrastructure applications face significant risks from this vulnerability. The unauthenticated access could enable adversaries to conduct surveillance operations, gather intelligence on facility layouts, or identify security gaps that could be exploited in subsequent attacks. The vulnerability particularly impacts environments where thermal imaging is used for perimeter security, fire detection, or industrial monitoring where unauthorized access to live feeds could compromise operational security and safety protocols. This threat is compounded by the fact that thermal imaging data often reveals patterns and information that traditional video surveillance cannot capture, making the compromised feeds particularly valuable to adversaries.
Mitigation strategies should include immediate firmware updates from FLIR to address the authentication flaw, network segmentation to isolate affected devices, and implementation of additional access controls such as firewall rules restricting access to streaming ports. Organizations should also consider deploying network monitoring solutions to detect unauthorized access attempts and establish incident response procedures for potential exploitation of this vulnerability. The remediation process must account for the widespread nature of the affected camera series and ensure that all devices within the network are properly updated to prevent continued exploitation of this unauthenticated access vector.
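One way to implement the monitoring step described above, as an added example that is not part of the original advisory or any vendor tooling: it scans flow records for connections to camera streaming ports from hosts outside an allowlisted recorder subnet and totals the bytes transferred. The camera addresses, ports, subnet, log format and flow lines are constructed placeholders; the advisory does not name the streaming ports, so set them to the ports your cameras actually use.

```python
import ipaddress

# All values below are constructed sample data, not taken from the advisory.
CAMERAS = {"10.20.0.11", "10.20.0.12"}   # hypothetical camera addresses
STREAM_PORTS = {554, 8080}               # placeholder ports: replace with your cameras' streaming ports
ALLOWED_CLIENTS = [ipaddress.ip_network("10.20.1.0/28")]  # hypothetical recorder/VMS subnet

# Constructed flow log, one record per line: "timestamp src_ip dst_ip dst_port bytes"
SAMPLE_FLOWS = """\
2026-01-08T10:00:01Z 10.20.1.5 10.20.0.11 554 812345
2026-01-08T10:00:07Z 10.30.4.77 10.20.0.11 554 40960
2026-01-08T10:01:12Z 203.0.113.9 10.20.0.12 8080 150221
2026-01-08T10:01:30Z 10.20.1.6 10.20.0.12 22 3100
malformed line
2026-01-08T10:02:00Z 10.30.4.77 10.20.0.11 554 99000
"""


def is_allowed(src_ip):
    """True if the source address belongs to an allowlisted client network."""
    return any(src_ip in net for net in ALLOWED_CLIENTS)


def find_unauthorized_stream_access(flow_text):
    """Return {(src, dst, port): total_bytes} for flows that reach a camera
    streaming port from a source outside the allowlist."""
    findings = {}
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip records that do not match the expected format
        _, src, dst, port, nbytes = parts
        try:
            src_ip = ipaddress.ip_address(src)
            port, nbytes = int(port), int(nbytes)
        except ValueError:
            continue  # skip records with unparsable addresses or numbers
        if dst in CAMERAS and port in STREAM_PORTS and not is_allowed(src_ip):
            key = (src, dst, port)
            findings[key] = findings.get(key, 0) + nbytes
    return findings


if __name__ == "__main__":
    hits = find_unauthorized_stream_access(SAMPLE_FLOWS)
    for (src, dst, port), total in sorted(hits.items()):
        print(f"ALERT {src} -> {dst}:{port} bytes={total}")
```

Because the streams need no credentials, the device cannot log a failed login; the source address is the only signal, which is why the check keys on an allowlist rather than on authentication events.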