Executive Summary

This vulnerability exists in the FLIR AX8 Thermal Camera firmware version 1.32.16 (and also version 1.17.13) where hard-coded SSH and web panel credentials are embedded within the device's Linux distribution image. These credentials cannot be changed through normal camera operations. Attackers can exploit these persistent, default credentials to gain unauthorized shell access and log into multiple camera interfaces, including SSH and the web panel, using predefined username and password combinations. [2, 3]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows attackers to gain unauthorized access to the FLIR AX8 Thermal Camera by using hard-coded credentials. This unauthorized access can lead to compromise of device security, unauthorized shell access, and login to multiple interfaces. It can potentially disrupt critical industrial monitoring operations, cause denial of service (DoS), and expose sensitive monitoring data. Since the credentials cannot be changed, the device remains vulnerable until patched. [2, 3]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by attempting to access the FLIR AX8 Thermal Camera using the known hard-coded credentials via SSH or the web panel. Specifically, you can try SSH login attempts with username 'fliruser' and password '3vlig', or root user with password 'hello'. For the web panel, try default credentials such as 'admin:admin', 'user:user', and 'viewer:viewer'. Network scanning tools can also be used to identify devices running the affected firmware versions and services (SSH, web panel). Example commands include: 1) ssh fliruser@<device_ip> and enter password '3vlig'; 2) ssh root@<device_ip> with password 'hello'; 3) using curl or a browser to access the web panel and attempt login with default credentials. These attempts can confirm if the device is vulnerable. [2, 3]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting network access to the affected FLIR AX8 Thermal Cameras by isolating them from untrusted networks, implementing firewall rules to block unauthorized SSH and web panel access, and monitoring for unauthorized login attempts. Since the hard-coded credentials cannot be changed through normal camera operations, it is critical to apply any available patches or firmware updates provided by FLIR once released. Additionally, following FLIR's cybersecurity best practices and hardening guides is recommended to reduce exposure until a patch is applied. [3]

Useful 0 Not Useful 0

Compliance Impact

The provided resources do not explicitly discuss the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA. However, since the vulnerability allows unauthorized access to the device through hard-coded credentials, it could potentially lead to unauthorized access to sensitive data or disruption of critical industrial monitoring operations, which may affect compliance with security and privacy requirements in such regulations. No direct statements about compliance impact are available in the provided text. [2, 3]

Useful 0 Not Useful 0