Vulnerability Description
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile() function to access local system files without authentication.
CVSS Score
6.2 (MEDIUM)
Related Weaknesses (CWE)
References
- https://cxsecurity.com/issue/WLB-2017090202
- https://packetstormsecurity.com/files/144322
- https://web.archive.org/web/20171011125811/https://www.flir.com/security/blog/de
- https://www.exploit-db.com/exploits/42786/
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5434.php
FAQ
What is CVE-2017-20212?
CVE-2017-20212 is a vulnerability with a CVSS score of 6.2 (MEDIUM). FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input paramete...
How severe is CVE-2017-20212?
CVE-2017-20212 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-20212?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.