CVE-2017-20215
Authenticated OS Command Injection in FLIR FC-S/PT Firmware Enables Root Access
Publication date: 2026-01-08
Last updated on: 2026-01-08
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| flir | thermal_camera_fc-s_pt | 8.0.0.64 |
| flir | thermal_camera_fc-s_pt | 10.0.2.43 |
| flir | thermal_camera_fc-s_pt | From 1.3.2 (inc) to 1.4.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an authenticated OS command injection in the FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64. It allows an attacker who has valid credentials to inject and execute arbitrary shell commands with root privileges on the device. This means the attacker can gain complete control over the thermal camera system by exploiting unvalidated input parameters, specifically through a POST request to the /page/maintenance/lanSettings/dns endpoint. [1, 2, 3]
How can this vulnerability impact me? :
The impact of this vulnerability is severe as it grants an authenticated attacker root-level command execution on the affected thermal camera devices. This can lead to complete compromise of the device, allowing the attacker to control the system, disrupt its operation, or use it as a foothold to attack other parts of the network. Since these cameras are often used for perimeter protection, exploitation could undermine physical security and network integrity. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting an authenticated POST request to the endpoint `/page/maintenance/lanSettings/dns` with specially crafted parameters that include shell command injection payloads. For example, injecting a command such as `sleep 17` in the DNS server parameters can confirm the presence of the vulnerability by observing the delayed response. This method requires valid authentication credentials on the device. Specific commands would involve using tools like curl or similar HTTP clients to send the POST request with injected shell commands in the parameters. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the affected FLIR Thermal Camera FC-S/PT devices to trusted users only, ensuring that only authorized personnel have authentication credentials. Additionally, monitoring and controlling network access to the device's management interfaces can reduce exposure. Applying any available firmware or software updates from FLIR Systems that address this vulnerability is critical. If patches are not yet available, consider disabling or limiting the vulnerable functionality or isolating the device from untrusted networks to prevent exploitation. [1, 2, 3]