FLIR Thermal Camera FC-S/PT Authenticated OS Command Injection Vulnerability

Vulnerability

An authenticated OS command injection vulnerability has been identified in the FLIR Thermal Camera FC-S/PT, specifically in firmware version 8.0.0.64. This vulnerability allows authenticated attackers to execute arbitrary shell commands with root privileges, thereby gaining complete control over the thermal camera system. The issue arises from unvalidated input parameters that can be exploited to inject commands into the operating system.

Impact

Exploitation of this vulnerability allows authenticated users to execute arbitrary commands as the root user on the affected device.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/page/maintenance/lanSettings/dns' endpoint. The request must include a 'PHPSESSID' cookie for session management. Within the body of the request, arbitrary shell commands can be injected through the 'dns[server2]' parameter. The device executes the injected command.
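A defender with visibility into requests reaching the camera (for example at a reverse proxy) can flag this pattern by requiring DNS server fields to be plain IP addresses. The following is an added example, not code from FLIR or from the original advisory; the 'dns[server1]' field name, the 'dns[serverN]' naming pattern, the rule that these fields hold only IP literals, and the sample requests are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qsl

# Endpoint and the dns[server2] parameter are taken from the advisory.
DNS_ENDPOINT = "/page/maintenance/lanSettings/dns"
# Assumption: sibling fields follow the same dns[serverN] naming.
SERVER_FIELD = re.compile(r"^dns\[server\d+\]$")
# Character allowlist applied before parsing: ipaddress accepts an
# arbitrary IPv6 scope suffix after '%', so parsing alone is not enough.
IP_CHARS = re.compile(r"[0-9A-Fa-f:.]+")


def is_ip_literal(value):
    """True only if the whole value is a single IPv4 or IPv6 address."""
    if not IP_CHARS.fullmatch(value):
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def suspicious_dns_fields(method, path, body):
    """Return (field, value) pairs that are not plain IP addresses.

    Only POSTs to the DNS settings endpoint are inspected. The body is
    URL-decoded first so percent-encoding cannot hide extra characters.
    Empty values are skipped (assumption: a blank server is allowed).
    """
    if method.upper() != "POST" or path.split("?", 1)[0] != DNS_ENDPOINT:
        return []
    return [(field, value)
            for field, value in parse_qsl(body, keep_blank_values=True)
            if SERVER_FIELD.match(field) and value and not is_ip_literal(value)]


# Constructed sample requests (method, path, form-encoded body).
SAMPLES = [
    ("POST", DNS_ENDPOINT, "dns%5Bserver1%5D=8.8.8.8&dns%5Bserver2%5D=8.8.4.4"),
    ("POST", DNS_ENDPOINT,
     "dns%5Bserver1%5D=8.8.8.8&dns%5Bserver2%5D=8.8.4.4%3BCONSTRUCTED_PLACEHOLDER"),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        hits = suspicious_dns_fields(method, path, body)
        print("ALERT" if hits else "ok", hits)
```

The check is an allowlist on the expected value format rather than a blocklist of shell metacharacters, so any non-address content in the field is reported regardless of how it is written.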

Remediation

Users are advised to contact FLIR thermal support for guidance on applying the security patch v1.1, released on October 9, 2017.

Added: Jan 8, 2026, 12:43 AM
Updated: Jan 8, 2026, 12:43 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 6.6
remediation: 7.7
relevance: 1.9
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.