PT-2018-16208 · Flir · Flir Brickstream 2300
Published
2018-01-01
·
Updated
2018-01-17
·
CVE-2018-3813
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
FLIR Brickstream 2300 devices versions 2.0 through 4.1.53.166
Description
The issue concerns incorrect access control, allowing unauthorized reading of sensitive fields via a direct request. Specifically, the
AVI USER ID and AVI USER PASSWORD fields can be accessed.Recommendations
For versions 2.0 through 4.1.53.166, restrict access to the
getConfigExportFile.cgi endpoint to minimize the risk of exploitation. Avoid using the AVI USER ID and AVI USER PASSWORD fields in the affected endpoint until the issue is resolved.Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Flir Brickstream 2300