Critical Severity Vulnerability
This vulnerability has been rated as Critical severity. Immediate action is recommended.
CVE-2017-20216
Critical
Low
Medium
High
Critical
9.8
CVSS Score
Published: Jan 08, 2026
Last Modified: Jan 08, 2026
Vulnerability Description
FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem() function through shell_exec() calls. Exploitation evidence was observed by the Shadowserver Foundation on 2026-01-06 (UTC).
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
H
Integrity
H
Availability
H
References & Resources
-
https://cxsecurity.com/issue/WLB-2017090203disclosure@vulncheck.com
-
https://packetstormsecurity.com/files/144321disclosure@vulncheck.com
-
https://web.archive.org/web/20171011125811/https://www.flir.com/security/blog/details/?ID=87043disclosure@vulncheck.com
-
https://www.exploit-db.com/exploits/42785/disclosure@vulncheck.com
-
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5438.phpdisclosure@vulncheck.com
-
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5438.php134c704f-9b21-4f2e-91b3-4a467353bcc0
Severity Details
9.8
out of 10.0
Critical
Key Information
- Published Date
- January 08, 2026
