FLIR Thermal Camera F/FC/PT/D Information Disclosure Vulnerability

Vulnerability

An information disclosure vulnerability has been identified in FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64. This vulnerability allows unauthenticated attackers to read arbitrary files from the local system through unverified input parameters. Exploitation occurs via the readFile() function in the /var/www/data/controllers/api/xml.php file, which can be manipulated to access sensitive files without authentication.

Impact

Successful exploitation of this vulnerability allows for unauthorized access to sensitive system files, including configuration files and user data, which could be leveraged for further attacks or to gain unauthorized access to the camera's features or controls.

Reproduction

The vulnerability can be reproduced by sending a GET request to the /api/xml endpoint with a crafted 'file' parameter that points to a file on the local system. The response will include the contents of the requested file, demonstrating the unauthorized access.
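
A log-side check for the request described above, added here as an example; it is not part of the original advisory or of FLIR's code. It flags every request to /api/xml that carries a 'file' parameter and undoes nested percent-encoding before classifying the value. The Combined Log Format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: Combined Log Format, e.g. from a reverse proxy in front of the camera.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
                    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding (%252e -> %2e -> .) so encoded values match."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_file_reads(lines):
    """Return one finding per request to /api/xml that carries a 'file' parameter."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        url = urlsplit(m["target"])
        if decode_fully(url.path).rstrip("/").lower() != "/api/xml":
            continue
        # parse_qs decodes once; decode_fully handles double-encoded values.
        for raw in parse_qs(url.query, keep_blank_values=True).get("file", []):
            path = decode_fully(raw)
            findings.append({
                "ip": m["ip"],
                "user": m["user"],                       # "-" means no user was logged
                "served": m["status"].startswith("2"),   # 2xx: content was returned
                "path": path,
                "traversal": ".." in path.replace("\\", "/").split("/"),
                "absolute": path.startswith("/"),
            })
    return findings

# Constructed sample lines (not captured traffic); IPs are documentation ranges.
SAMPLE = [
    '192.0.2.10 - - [08/Jan/2026:00:47:01 +0000] "GET /api/xml?file=/constructed/example.conf HTTP/1.1" 200 12 "-" "-"',
    '198.51.100.7 - - [08/Jan/2026:00:47:05 +0000] "GET /api/xml?file=%252e%252e%2f%252e%252e%2fconstructed%2fexample.conf HTTP/1.1" 200 12 "-" "-"',
    '192.0.2.10 - - [08/Jan/2026:00:47:09 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [08/Jan/2026:00:47:12 +0000] "GET /api/xml?file=status.xml HTTP/1.1" 403 0 "-" "-"',
]

if __name__ == "__main__":
    for finding in find_file_reads(SAMPLE):
        print(finding)
```

Findings with "served" set and no logged user are the ones to review first on devices that have not yet received the patch.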

Remediation

FLIR has released a security patch v1.1 for this vulnerability. Instructions for downloading the patch are available by contacting FLIR's thermal support.

Added: Jan 8, 2026, 12:47 AM
Updated: Jan 8, 2026, 12:47 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 1.9
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.