CVE-2018-25137
Unauthenticated Config Export Vulnerability in FLIR Brickstream 3D
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: VulnCheck
Description
FLIR Brickstream 3D+ 2.1.742.1842 exposes the ExportConfig REST API without authentication, which allows attackers to download sensitive configuration files. Attackers can exploit the getConfigExportFile.cgi endpoint to retrieve system configurations, potentially enabling authentication bypass and privilege escalation.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| flir | onvif | 0.1.1.47 |
| flir | brickstream_3d+ | * |
| flir | node | 0.10.33 |
| flir | api | 1.0.0 |
| flir | brickstream_3d+ | 2.1.742.1842 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |