{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2017-20213","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2026-01-06T21:01:40.998Z","datePublished":"2026-01-07T23:09:55.425Z","dateUpdated":"2026-04-07T14:03:38.688Z"},"containers":{"cna":{"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2026-04-07T14:03:38.688Z"},"title":"FLIR Thermal Camera F/FC/PT/D Stream 8.0.0.64 Unauthenticated Stream Disclosure","descriptions":[{"lang":"en","value":"FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can exploit the vulnerability to view unauthorized thermal camera video feeds across multiple camera series without requiring any authentication."}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Missing Authentication for Critical Function","cweId":"CWE-306","type":"CWE"}]}],"affected":[{"vendor":"FLIR Systems, Inc.","product":"FLIR Thermal Camera F/FC/PT/D Stream","versions":[{"version":"8.0.0.64","status":"affected"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":8.7,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS"},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS"}],"references":[{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5435.php","name":"Zero Science Lab Vulnerability Advisory","tags":["third-party-advisory"]},{"url":"https://www.exploit-db.com/exploits/42789/","name":"Exploit Database Entry 42789","tags":["exploit"]},{"url":"https://packetstormsecurity.com/files/144323","name":"Packet Storm Security Exploit Archive","tags":["exploit"]},{"url":"https://cxsecurity.com/issue/WLB-2017090204","name":"CXSecurity Vulnerability Listing","tags":["third-party-advisory"]},{"url":"https://web.archive.org/web/20171011125811/https://www.flir.com/security/blog/details/?ID=87043","name":"Archived FLIR Security Advisory","tags":["vendor-advisory","patch"]}],"credits":[{"lang":"en","value":"LiquidWorm as Gjoko Krstic of Zero Science Lab","type":"finder"}],"x_generator":{"engine":"vulncheck"},"datePublic":"2017-09-25T00:00:00.000Z"},"adp":[{"references":[{"url":"https://cxsecurity.com/issue/WLB-2017090204","tags":["exploit"]},{"url":"https://www.exploit-db.com/exploits/42789/","tags":["exploit"]},{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5435.php","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-08T15:08:30.505192Z","id":"CVE-2017-20213","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-08T18:17:15.865Z"}}]}}