FLIR AX8 Thermal Camera RTSP Stream Access Vulnerability

A vulnerability in the FLIR AX8 Thermal Camera firmware versions 1.32.16 and 1.17.13 allows remote access to live RTSP video streams without authentication. This issue enables unauthorized users to view and record thermal footage by connecting directly to the RTSP stream with tools like VLC or FFmpeg.

Impact

Exploitation of this vulnerability leads to unauthorized access to live video streams from the thermal camera, allowing for viewing and recording of the footage.

Reproduction

The vulnerability can be reproduced by connecting to the camera's RTSP stream using VLC or FFmpeg. The stream can be accessed without any credentials, and once connected, the live video can be viewed or recorded. Additionally, the camera's snapshot feature can be accessed without authentication.