
CVE-2017-20213

Severity: High · Public PoC referenced

Published: 08 January 2026
Modified: 15 April 2026
KEV Added: not listed
Patch: not specified
CVSS v4 Score: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0042 (33.7th percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2017-20213 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Cxsecurity (inferred from references). Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 33.7th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-9 (Service Identification and Authentication).

Deeper analysis

CVE-2017-20213 is an unauthenticated vulnerability in the FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64, classified under CWE-306 (Missing Authentication for Critical Function). It enables remote attackers to access live camera streams without any credentials, exposing thermal camera video feeds across multiple camera series. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with no requirement for privileges, user interaction, or special access.

Remote attackers can exploit this vulnerability over the network with low complexity and no authentication, directly viewing sensitive live thermal video feeds from affected FLIR cameras. Exploitation requires only network access to the camera's stream endpoint, allowing unauthorized surveillance or data exfiltration without detection or disruption to the device.

Advisories and related resources, including exploit details, are documented in references such as cxsecurity.com, packetstormsecurity.com, an archived FLIR security blog post, exploit-db.com, and zeroscience.mk, which outline the issue but do not specify patch availability in the provided details. Security practitioners should consult these for firmware update guidance from FLIR.


Vulnerability details

FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can exploit the vulnerability to view unauthorized thermal camera video feeds across multiple camera series without requiring any authentication.

CWE(s): CWE-306 Missing Authentication for Critical Function

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1125 Video Capture (Collection): An adversary can leverage a computer's peripheral devices (e.
Why these techniques?

Direct unauthenticated network access to public-facing camera stream endpoint enables exploitation of public-facing applications (T1190) and unauthorized live video/thermal feed capture (T1125).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-66049 (shared CWE-306)
CVE-2019-25236 (shared CWE-306)
CVE-2026-4810 (shared CWE-306)
CVE-2025-53847 (shared CWE-306)
CVE-2025-61757 (shared CWE-306)
CVE-2025-68715 (shared CWE-306)
CVE-2026-21992 (shared CWE-306)
CVE-2025-26362 (shared CWE-306)
CVE-2026-48692 (shared CWE-306)
CVE-2022-50981 (shared CWE-306)

Affected Assets

Cxsecurity (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

IA-9 Service Identification and Authentication (prevent): Requires unique identification and authentication of the camera stream service as a prerequisite to access, directly preventing unauthenticated remote viewing of thermal feeds.

AC-3 Access Enforcement (prevent): Enforces approved authorizations for logical access to system resources such as live camera streams, mitigating the missing access enforcement in the firmware.

prevent: Protects thermal camera sensor data from unauthorized access, modification, or disclosure, tailored to the exposed live video feeds.
