CVE-2017-20215

CVE Database · CVE-2017-20215

CVE-2017-20215

· HIGHDeferred

CVSS v3.1

8.8

CVSS v4.0

8.7

EPSS

13.99%

Published

Jan 7, 2026

Modified

Apr 14, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. Authenticated attackers can inject arbitrary shell commands through unvalidated input parameters to gain complete control of the thermal camera system.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-78

References (8)

https://cxsecurity.com/issue/WLB-2017090207

https://packetstormsecurity.com/files/144325

https://web.archive.org/web/20171011125811/https://www.flir.com/security/blog/details/?ID=87043

https://www.exploit-db.com/exploits/42788/

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5437.php

https://cxsecurity.com/issue/WLB-2017090207

https://www.exploit-db.com/exploits/42788/

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5437.php

KEV Catalog EPSS Scores Vendors All CVEs