Executive Summary

This vulnerability exists in the FLIR Brickstream 3D+ 2.1.742.1842 sensor's ExportConfig REST API, specifically the getConfigExportFile.cgi endpoint. It allows attackers to download sensitive configuration files without any authentication. By exploiting this flaw, attackers can access system configurations that may enable them to bypass authentication, escalate privileges, and potentially compromise the entire system. [1, 2]

Useful 0 Not Useful 0

Impact Analysis

Exploiting this vulnerability can lead to unauthorized disclosure of sensitive system configuration information. This can facilitate authentication bypass and privilege escalation, potentially resulting in full system compromise. Such impacts can threaten the security and integrity of critical infrastructure monitored by the FLIR Brickstream 3D+ sensor, including industrial environments, electrical cabinets, manufacturing areas, and data centers. [1, 2]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by attempting to access the ExportConfig REST API endpoint getConfigExportFile.cgi or /restapi/system/ExportConfig on the FLIR Brickstream 3D+ device without authentication. A simple command using curl to test this would be: curl http://<device-ip>/getConfigExportFile.cgi If the configuration file is returned without requiring authentication, the device is vulnerable. [1, 2]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting network access to the vulnerable FLIR Brickstream 3D+ devices, especially blocking unauthenticated access to the ExportConfig REST API endpoints. Applying any available firmware patches or updates from FLIR Systems that address this vulnerability is critical. Additionally, following FLIR's cybersecurity best practices and hardening guides to limit exposure and secure device configurations is recommended. [1]

Useful 0 Not Useful 0