CVE-2017-20212
Unknown Unknown - Not Provided
Information Disclosure in FLIR Thermal Camera Firmware via Unauthenticated File Read

Publication date: 2026-01-08

Last updated on: 2026-01-08

Assigner: VulnCheck

Description
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile() function to access local system files without authentication.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-08
Last Modified
2026-01-08
Generated
2026-06-16
AI Q&A
2026-01-08
EPSS Evaluated
2026-06-14
NVD
CVE-2017-20212
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
flir thermal_camera_f_fc_pt_d 8.0.0.64
flir thermal_camera_f_fc_pt_d 10.0.2.43
flir thermal_camera_f_fc_pt_d From 1.3.2 (inc) to 1.4.1 (inc)
flir nexus_server From 2.5.13.0 (inc) to 2.5.29.0 (inc)
flir lighttpd 1.4.28
flir php 5.4.7
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in FLIR Thermal Camera F/FC/PT/D series firmware version 8.0.0.64 and related software. It is caused by improper input validation in the web API endpoint `/api/xml`, specifically in the `readFile` function in `/var/www/data/controllers/api/xml.php`. The function accepts a `file` parameter that is not properly sanitized or verified before being used to read files from the local filesystem. As a result, an unauthenticated attacker can exploit this flaw to read arbitrary files on the device, including sensitive system files, configuration files, password hashes, and user credentials, without needing any authentication. [1, 2, 3]

Impact Analysis

This vulnerability can lead to significant information disclosure risks. An attacker can remotely and without authentication read arbitrary files on the affected FLIR Thermal Camera devices. This includes sensitive files such as system configuration files, password hashes, SSH authorized keys, user credential files containing MD5 hashed usernames and passwords, and other critical system scripts. Exposure of such information can enable attackers to gain further unauthorized access, compromise the device, or use the disclosed information to attack other systems in the network. The vulnerability poses a medium to high risk of information exposure and potential system compromise. [1, 2, 3]

Detection Guidance

This vulnerability can be detected by attempting to access the vulnerable API endpoint on the FLIR Thermal Camera using HTTP requests that include the 'file' parameter to read arbitrary files. For example, you can use curl commands to request sensitive files such as /etc/passwd or configuration files via the API endpoint `/api/xml.php`. A sample command to test the vulnerability is: curl "http://<camera-ip>/api/xml.php?file=/etc/passwd". If the contents of the file are returned without authentication, the system is vulnerable. Monitoring network traffic for such suspicious requests to `/api/xml.php` with a 'file' parameter can also help detect exploitation attempts. [1, 3]

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable API endpoint `/api/xml.php` by implementing network-level controls such as firewall rules to limit access only to trusted users or management networks. Additionally, updating the firmware and software of the FLIR Thermal Camera to versions where this vulnerability is patched is recommended. If updates are not immediately available, disabling or restricting the web interface or API access temporarily can reduce exposure. Changing default credentials is also advised to prevent further unauthorized access. [1, 2, 3]

Compliance Impact

This vulnerability allows unauthenticated attackers to read arbitrary files on FLIR Thermal Cameras, potentially exposing sensitive system information, user credentials, and configuration data. Such unauthorized disclosure of sensitive data could lead to non-compliance with data protection standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive information. However, the provided resources do not explicitly discuss compliance impacts or regulatory considerations. [1, 2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2017-20212. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart