CVE-2017-20214
Unknown Unknown - Not Provided
Hard-Coded SSH Credentials in FLIR Thermal Camera Firmware Enable Unauthorized Access

Publication date: 2026-01-08

Last updated on: 2026-01-08

Assigner: VulnCheck

Description
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-08
Last Modified
2026-01-08
Generated
2026-06-16
AI Q&A
2026-01-08
EPSS Evaluated
2026-06-14
NVD
CVE-2017-20214
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
flir thermal_camera 8.0.0.64
flir thermal_camera 10.0.2.43
flir thermal_camera From 1.3.2 (inc) to 1.4.1 (inc)
flir nexus_server From 2.5.13.0 (inc) to 2.5.29.0 (inc)
lighttpd lighttpd 1.4.28
php php 5.4.7
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves FLIR Thermal Camera models from the F/FC/PT/D series containing hard-coded SSH credentials embedded within their Linux-based firmware. These credentials are permanently set by the manufacturer and cannot be changed or removed through any standard camera operation or user interface. Because of this, attackers can use these persistent credentials to gain unauthorized remote SSH access to the camera system. [1, 2, 3]

Impact Analysis

Exploiting this vulnerability allows remote attackers to gain unauthorized root-level SSH access to the affected FLIR thermal cameras. This means attackers can take full control of the device, potentially compromising the camera's data, surveillance capabilities, and overall security. Such unauthorized access poses a high security risk, especially in environments relying on these cameras for monitoring and security. [1, 2, 3]

Detection Guidance

This vulnerability can be detected by scanning for devices running the affected FLIR Thermal Camera firmware versions (such as 8.0.0.64) and attempting to connect via SSH using the known hard-coded credentials. The known usernames and passwords include root with password "indigo", root with password "video", default with password "video", default with a blank password, and ftp with password "video". You can use SSH client commands to test these credentials against the IP addresses of suspected FLIR cameras on your network. For example, using a command like `ssh root@<camera_ip>` and trying the passwords mentioned. Additionally, network scanning tools can be used to identify devices running SSH on typical FLIR camera ports and then attempt authentication with these credentials to confirm vulnerability. [1, 2, 3]

Mitigation Strategies

Immediate mitigation steps include isolating the affected FLIR Thermal Cameras from untrusted networks to prevent unauthorized remote access. Since the hard-coded SSH credentials cannot be changed through normal camera operations, restricting network access via firewall rules or network segmentation is critical. Monitoring and logging SSH access attempts can help detect exploitation attempts. If possible, contact FLIR for firmware updates or patches that address this issue or consider replacing affected devices with models that do not contain hard-coded credentials. [1, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2017-20214. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart