PT-2026-1670 · Flir · Flir Thermal Camera Pt-Series
Published
2026-01-08
·
Updated
2026-01-08
·
CVE-2017-20216
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
FLIR Thermal Camera PT-Series firmware version 8.0.0.64
Description
The FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection issues in the
controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem() function through shell exec() calls. The Shadowserver Foundation observed exploitation evidence on 2026-01-06 (UTC).Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Flir Thermal Camera Pt-Series