Researchers have disclosed the details of several potentially serious vulnerabilities affecting thermal security cameras from FLIR Systems, said to be the world’s largest provider of thermal imaging cameras, components and imaging sensors.
The flaws were discovered by Gjoko Krstic of Zero Science Lab and were disclosed over the weekend by Beyond Security. The issues were reported to FLIR on June 27 and while the company responded to Beyond Security’s emails, it did not provide an estimated date for workarounds or patches.
Krstic found various types of vulnerabilities in FLIR’s FC-Series S, FC-Series ID and PT-Series thermal security cameras, including information disclosure, authenticated and unauthenticated remote code execution, and hardcoded credentials issues. The researcher also found a vulnerability that allows an unauthenticated attacker to access a camera’s live feed.
Proof-of-concept (PoC) requests and code have been made available for each of the vulnerabilities.
A scan via the Internet search engine Censys shows that thousands of FLIR thermal cameras are accessible directly from the Internet, which increases the risk of exploitation for the vulnerabilities identified by Kristic.
The researcher discovered that an attacker can leverage API functionality provided by the FLIR web server to download various files from the FLIR OS. He also noticed that the web server does not check if the user is authenticated when they make a request to see the camera’s live feed, allowing an attacker to gain access to the video stream by sending a simple request.
Specially crafted requests can also be used by authenticated and unauthenticated attackers to execute arbitrary code. These security holes are caused by the lack of proper sanitization for user-controlled input.
Finally, Krstic discovered that the code includes various credentials that provide access to the devices.
Contacted by SecurityWeek, FLIR said it’s evaluating Beyond Security’s advisory and promised to provide an update on its findings once its assessment has been completed.
UPDATE 10/17/2017. FLIR told SecurityWeek it has released firmware updates to patch the vulnerabilities.
Related: Remotely Exploitable Flaws Found in Popular IP Cameras
Related: Multiple Vulnerabilities Found in Popular IP Cameras
Related: Thousands of IP Cameras Hijacked by Persirai, Other IoT Botnets

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Number of Internet-Exposed ICS Drops Below 100,000: Report
- Unpatched Exim Vulnerabilities Expose Many Mail Servers to Attacks
- Recently Patched TeamCity Vulnerability Exploited to Hack Servers
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- NIST Publishes Final Version of 800-82r3 OT Security Guide
- Johnson Controls Hit by Ransomware
- Verisoul Raises $3.25 Million in Seed Funding to Detect Fake Users
- Government Shutdown Could Bench 80% of CISA Staff
Latest News
- Live Exploitation Underscores Urgency to Patch Critical WS-FTP Server Flaw
- European Telecommunications Standards Institute Discloses Data Breach
- Number of Internet-Exposed ICS Drops Below 100,000: Report
- Johnson Controls Ransomware Attack Could Impact DHS
- Unpatched Exim Vulnerabilities Expose Many Mail Servers to Attacks
- CISA Kicks Off Cybersecurity Awareness Month With New Program
- Recently Patched TeamCity Vulnerability Exploited to Hack Servers
- Silverfort Open Sources Lateral Movement Detection Tool
