CVE-2017-20214 in Thermal Camera F
Summary
by MITRE • 01/08/2026
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system.
Analysis
by VulDB Data Team • 01/08/2026
The FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains a critical security vulnerability that stems from the inclusion of hard-coded SSH credentials within the device firmware. This flaw represents a fundamental breach in the device's authentication mechanism, as the credentials are embedded directly into the software code rather than being dynamically generated or configurable through standard administrative interfaces. The vulnerability affects multiple FLIR thermal camera models including the F series, FC series, PT series, and D series, indicating a widespread issue across the product line. The hard-coded nature of these credentials means that they persist across device reboots, firmware updates, and factory resets, creating a persistent backdoor that remains active regardless of normal security protocols.
This vulnerability creates a severe operational risk as it allows attackers to establish unauthorized remote access to thermal camera systems without requiring knowledge of legitimate user credentials or exploitation of other attack vectors. The persistent nature of these hard-coded credentials means that once discovered, they provide attackers with continuous access to the device, enabling them to monitor, manipulate, or exfiltrate data from the thermal imaging system. The inability to change these credentials through normal camera operations directly violates fundamental security principles and represents a design flaw that compromises the integrity of the entire device security architecture. This vulnerability maps to CWE-259, the weakness of using hard-coded passwords or credentials, which is classified as a critical security flaw that should never be present in production systems.
The operational impact of this vulnerability extends beyond simple unauthorized access, as thermal cameras often serve critical security and monitoring functions in industrial, commercial, and defense applications. Attackers who gain access through these hard-coded credentials can potentially manipulate thermal imaging data, disable security features, or use the device as a pivot point to attack other systems within the network. The vulnerability also creates challenges for security compliance, as it violates many industry standards and regulations that require authentication mechanisms to be configurable and secure. Organizations using these devices face significant risks including data breaches, unauthorized surveillance, and potential compromise of critical infrastructure operations.
Mitigation strategies for this vulnerability require immediate action to address the hard-coded credentials issue. The most effective approach involves applying the latest firmware updates from FLIR that address this specific vulnerability by either removing the hard-coded credentials or making them configurable through proper administrative interfaces. Organizations should also implement network segmentation to limit access to thermal camera systems and monitor for unusual SSH access patterns that might indicate exploitation attempts. Security teams should conduct comprehensive vulnerability assessments to identify all affected devices within their network infrastructure and establish monitoring procedures to detect unauthorized access attempts. Additionally, implementing network access controls and disabling unnecessary SSH services where possible can help reduce the attack surface and limit the potential impact of this vulnerability.
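One way to implement the SSH monitoring described above, as an added example that is not part of the original advisory: it flags TCP/22 connections to camera addresses from any source outside a management allow-list. The camera subnet, the allow-listed host, the flow-log format and the sample records are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumptions (not from the advisory): camera VLAN, approved management hosts,
# and a flow-log format of "<ISO timestamp> <src_ip> <dst_ip> <dst_port> <action>".
CAMERA_NET = ipaddress.ip_network("10.20.30.0/24")
MGMT_HOSTS = {ipaddress.ip_address("10.20.1.5")}
SSH_PORT = 22

# Constructed sample records for illustration.
SAMPLE_LOG = """\
2026-01-08T10:00:01Z 10.20.1.5 10.20.30.11 22 ALLOW
2026-01-08T10:02:13Z 10.50.7.23 10.20.30.11 22 ALLOW
2026-01-08T10:02:19Z 10.50.7.23 10.20.30.12 22 ALLOW
2026-01-08T10:03:40Z 10.50.7.23 10.20.30.12 443 ALLOW
2026-01-08T10:05:02Z 198.51.100.9 10.20.30.14 22 DENY
malformed line
2026-01-08T10:06:00Z 10.50.7.23 10.99.0.4 22 ALLOW
"""

def parse(line):
    """Return (ts, src, dst, port, action) or None for malformed records."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, port, action = parts
    try:
        return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port), action.upper()
    except ValueError:
        return None

def unexpected_ssh(log_text):
    """SSH flows to cameras from sources outside the management allow-list."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, src, dst, port, action = rec
        if port == SSH_PORT and dst in CAMERA_NET and src not in MGMT_HOSTS:
            # ALLOW means the session reached the camera, so it ranks highest.
            severity = "high" if action == "ALLOW" else "info"
            alerts.append({"time": ts, "src": str(src), "dst": str(dst), "severity": severity})
    return alerts

def cameras_reached_per_source(alerts):
    """Count distinct cameras each source reached; more than one suggests a sweep."""
    pairs = {(a["src"], a["dst"]) for a in alerts if a["severity"] == "high"}
    return Counter(src for src, _ in pairs)
```

Because the credentials cannot be changed on the device, a permitted SSH session from a non-management source is treated as high severity regardless of whether authentication is known to have succeeded.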
The presence of hard-coded credentials in firmware represents a significant gap in the security development lifecycle, as it indicates insufficient security testing and validation during the device development process. This vulnerability demonstrates the importance of following secure coding practices and adhering to security standards such as those outlined in the NIST Cybersecurity Framework and ISO/IEC 27001. From an attack perspective, this vulnerability aligns with ATT&CK technique T1078, which covers the use of valid accounts and legitimate credentials for unauthorized access. The vulnerability also represents a potential path for lateral movement within networks, as attackers can use the compromised device to access other systems that may share similar credential patterns or network access. Organizations should consider implementing additional security controls such as network monitoring, behavioral analytics, and regular security assessments to detect and prevent exploitation of such persistent vulnerabilities.