CVE-2017-20212 HIGH

CVE-2017-20212: FLIR Thermal Camera F/FC/PT/D 8.0.0.64 Information Disclosure via File Reading

Vendor Flir Systems, Inc.
Product FLIR Thermal Camera F/FC/PT/D
Weakness CWE-22 · Path traversal
Published January 7, 2026
Last update April 7, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile() function to access local system files without authentication.

Key dates

02Disclosure timeline

January 7, 2026 CVE published
April 7, 2026 Record updated