CVE-2018-25137
Unknown Unknown - Not Provided
Unauthenticated Config Export Vulnerability in FLIR Brickstream 3D

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: VulnCheck

Description
FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability in the ExportConfig REST API that allows attackers to download sensitive configuration files. Attackers can exploit the getConfigExportFile.cgi endpoint to retrieve system configurations, potentially enabling authentication bypass and privilege escalation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-05-27
AI Q&A
2025-12-24
EPSS Evaluated
2026-05-25
NVD
CVE-2018-25137
EUVD
EUVD-2025-205348
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
flir onvif 0.1.1.47
flir brickstream_3d+ *
flir node 0.10.33
flir api 1.0.0
flir brickstream_3d+ 2.1.742.1842
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the FLIR Brickstream 3D+ 2.1.742.1842 sensor's ExportConfig REST API, specifically the getConfigExportFile.cgi endpoint. It allows attackers to download sensitive configuration files without any authentication. By exploiting this flaw, attackers can access system configurations that may enable them to bypass authentication, escalate privileges, and potentially compromise the entire system. [1, 2]


How can this vulnerability impact me? :

Exploiting this vulnerability can lead to unauthorized disclosure of sensitive system configuration information. This can facilitate authentication bypass and privilege escalation, potentially resulting in full system compromise. Such impacts can threaten the security and integrity of critical infrastructure monitored by the FLIR Brickstream 3D+ sensor, including industrial environments, electrical cabinets, manufacturing areas, and data centers. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to access the ExportConfig REST API endpoint getConfigExportFile.cgi or /restapi/system/ExportConfig on the FLIR Brickstream 3D+ device without authentication. A simple command using curl to test this would be: curl http://<device-ip>/getConfigExportFile.cgi If the configuration file is returned without requiring authentication, the device is vulnerable. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting network access to the vulnerable FLIR Brickstream 3D+ devices, especially blocking unauthenticated access to the ExportConfig REST API endpoints. Applying any available firmware patches or updates from FLIR Systems that address this vulnerability is critical. Additionally, following FLIR's cybersecurity best practices and hardening guides to limit exposure and secure device configurations is recommended. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart