CVE-2017-20212 - Vulnerability Details

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile() function to access local system files without authentication.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Flir	Thermal Camera

No data.

References

Link	Providers
https://cxsecurity.com/issue/WLB-2017090202
https://packetstormsecurity.com/files/144322
https://web.archive.org/web/20171011125811/https://www.flir.com/security/blog/details/?ID=87043
https://www.exploit-db.com/exploits/42786/
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5434.php

History

Thu, 08 Jan 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 08 Jan 2026 10:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Flir Flir thermal Camera
Vendors & Products		Flir Flir thermal Camera

Wed, 07 Jan 2026 23:30:00 +0000

Type	Values Removed	Values Added
Description		FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile() function to access local system files without authentication.
Title		FLIR Thermal Camera F/FC/PT/D 8.0.0.64 Information Disclosure via File Reading
Weaknesses		CWE-22
References		https://cxsecurity.com/issue/WLB-2017090202 https://packetstormsecurity.com/files/144322 https://web.archive.org/web/20171011125811/https://www.flir.com/security/blog/details/?ID=87043 https://www.exploit-db.com/exploits/42786/ https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5434.php
Metrics		cvssV3_1 `{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2026-01-07T23:09:54.925Z

Updated: 2026-01-08T18:17:20.840Z

Reserved: 2026-01-06T21:01:40.998Z

Link: CVE-2017-20212

Vulnrichment

Updated: 2026-01-08T15:08:50.803Z

NVD

Status : Awaiting Analysis

Published: 2026-01-08T00:15:56.000

Modified: 2026-01-08T19:15:53.680

Link: CVE-2017-20212

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation poc

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object