FLIR Thermal Cameras Unauthenticated Live Stream Access Vulnerability
Vulnerability
A vulnerability in FLIR Thermal Camera firmware version 8.0.0.64 allows remote access to live camera streams without authentication. This issue affects multiple camera series, including the PT-Series, FC-Series S, FC-Series R, D-Series, and F-Series. The vulnerability arises from a lack of proper authentication, enabling unauthorized users to view thermal video feeds over IP networks.
Impact
Exploitation of this vulnerability leads to unauthorized access to live thermal video streams from the affected cameras.
Reproduction
The vulnerability can be reproduced by sending a request to the camera's live video stream endpoint. This can be done using a web browser or a tool like curl, targeting the specific stream URLs mentioned in the advisory.
Remediation
FLIR has released a security patch for this vulnerability. Instructions for applying the patch can be obtained by contacting FLIR's thermal support.
