CVE-2017-20213
Unknown Unknown - Not Provided
Unauthenticated Access to FLIR Thermal Camera Live Streams

Publication date: 2026-01-08

Last updated on: 2026-01-08

Assigner: VulnCheck

Description
FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can exploit the vulnerability to view unauthorized thermal camera video feeds across multiple camera series without requiring any authentication.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-08
Last Modified
2026-01-08
Generated
2026-06-16
AI Q&A
2026-01-08
EPSS Evaluated
2026-06-14
NVD
CVE-2017-20213
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
flir_systems flir_thermal_camera_f_fc_pt_d 8.0.0.64
flir_systems flir_thermal_camera_f_fc_pt_d 10.0.2.43
flir_systems flir_thermal_camera_f_fc_pt_d From 1.3.2 (inc) to 1.4.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects FLIR Thermal Camera F/FC/PT/D series running firmware version 8.0.0.64 and certain software versions. It allows remote attackers to access live thermal and visible-light camera video streams without any authentication by directly requesting specific URLs. This means unauthorized users can view live camera feeds without needing credentials, exposing sensitive surveillance data. [1, 3, 4]

Impact Analysis

The vulnerability can lead to unauthorized access to live video streams from FLIR thermal cameras, potentially exposing sensitive thermal and visible-light surveillance footage. This unauthorized disclosure can compromise privacy and security by allowing attackers to monitor areas without permission, which could be exploited for espionage, intrusion planning, or other malicious activities. [1, 3, 4]

Detection Guidance

This vulnerability can be detected by attempting to access the live video stream URLs of the FLIR Thermal Cameras without authentication. For example, you can use commands like curl or wget to request the following URLs on the target device: http://TARGET:8081/graphics/livevideo/stream/stream3.jpg or http://TARGET:8081/graphics/livevideo/stream/stream1.jpg. If these URLs return live video stream images without requiring credentials, the system is vulnerable. [1, 4]

Mitigation Strategies

Immediate mitigation steps include deploying the affected FLIR thermal cameras only on closed, secured networks to limit unauthorized access. Additionally, apply the firmware patches released by FLIR (Security Patch v1.1) for the affected camera series as soon as possible. Customers should follow FLIR's setup instructions for the patch and consider contacting FLIR support to receive updates and information about software patches. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2017-20213. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart