FLIR AX8 Thermal Camera Hard-Coded Credentials Vulnerability Allowing Unauthorized Access

Vulnerability

A vulnerability exists in the FLIR AX8 Thermal Camera running firmware 1.32.16, due to hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. These persistent credentials can be exploited by attackers to gain unauthorized shell access or to log into various camera interfaces using default username and password combinations.

Impact

Exploitation of this vulnerability allows for unauthorized shell access on the camera, as well as access to the camera's web interface using default credentials. According to FLIR, this vulnerability could also lead to a denial-of-service.

Added: Dec 24, 2025, 8:49 PM

Updated: Dec 24, 2025, 9:51 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

7.5

exploitability

9.1

remediation

0.0

relevance

1.7

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

7.5

exploitability

9.1

remediation

0.0

relevance

1.7

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

FLIR AX8 Thermal Camera Hard-Coded Credentials Vulnerability Allowing Unauthorized Access

Vulnerability

Impact

Affected Products

FLIR AX8

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating