CVE-2017-20214

CVE Database · CVE-2017-20214

CVE-2017-20214

· HIGHDeferred

CVSS v3.1

7.5

CVSS v4.0

9.3

EPSS

0.28%

Published

Jan 7, 2026

Modified

Apr 14, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-798

References (6)

https://cxsecurity.com/issue/WLB-2017090205

https://packetstormsecurity.com/files/144324

https://web.archive.org/web/20171011125811/https://www.flir.com/security/blog/details/?ID=87043

https://www.exploit-db.com/exploits/42787/

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5436.php

KEV Catalog EPSS Scores Vendors All CVEs