Cyber Resilience

CVE-2017-20214

Critical · Public PoC

Published: 08 January 2026

Modified: 15 April 2026
CVSS Score v4: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0028 (19.8th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2017-20214 is a critical-severity Use of Hard-coded Credentials (CWE-798) vulnerability in Zeroscience (inferred from references). Its CVSS v4 base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique SSH (T1021.004). The CVE ranks at the 19.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2017-20214 is a vulnerability in FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64, where hard-coded SSH credentials are embedded and cannot be changed through normal camera operations. This issue, published on 2026-01-08, falls under CWE-798 (Use of Hard-coded Credentials) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting high confidentiality impact from network-based access.

Remote attackers with network access to the affected camera can exploit these persistent credentials without requiring privileges, user interaction, or high complexity. Successful exploitation grants unauthorized remote SSH access to the thermal camera system, enabling potential data extraction or further compromise.

Advisories and related resources, including the archived FLIR security blog at https://web.archive.org/web/20171011125811/https://www.flir.com/security/blog/details/?ID=87043, exploit details at https://www.exploit-db.com/exploits/42787/, and reports from https://cxsecurity.com/issue/WLB-2017090205, https://packetstormsecurity.com/files/144324, and https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5436.php, provide further details on the issue and potential mitigations.

Vulnerability details

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system.

CWE(s)

CWE-798 (Use of Hard-coded Credentials)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1021.004 SSH (Lateral Movement)
Adversaries may use [Valid Accounts](https://attack.
T1078 Valid Accounts (Stealth)
Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

Hard-coded SSH credentials directly enable remote authentication and access via SSH (T1021.004) using valid accounts (T1078) with no additional credential acquisition required.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-57811 (Shared CWE-798)
CVE-2025-49551 (Shared CWE-798)
CVE-2025-1393 (Shared CWE-798)
CVE-2026-24840 (Shared CWE-798)
CVE-2025-2538 (Shared CWE-798)
CVE-2025-40537 (Shared CWE-798)
CVE-2024-52902 (Shared CWE-798)
CVE-2025-8857 (Shared CWE-798)
CVE-2026-42373 (Shared CWE-798)
CVE-2025-37103 (Shared CWE-798)

Affected Assets

Zeroscience
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

IA-5 Authenticator Management
prevent

IA-5 requires secure management of authenticators including changing default content and protecting from unauthorized disclosure, directly preventing use of hard-coded SSH credentials.

SI-2 Flaw Remediation
prevent

SI-2 mandates identification, reporting, and timely remediation of system flaws such as hard-coded credentials via firmware updates.

AC-17 Remote Access (partial match)
prevent, detect

AC-17 authorizes, configures, and monitors remote access mechanisms like SSH, limiting exploitation opportunities from hard-coded credentials.
