Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Thermal Traffic Cameras by FLIR Systems, Inc.

    CVE-2018-25140 (GCVE-0-2018-25140)

    Vulnerability from nvd – Published: 2025-12-24 19:27 – Updated: 2025-12-24 20:26
    VLAI
    Title
    FLIR Thermal Traffic Cameras V1.01-0bb5b27 Unauthenticated Websocket Device Manipulation
    Summary
    FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially initiate denial of service by sending crafted WebSocket messages without authentication.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    FLIR Systems, Inc. Thermal Traffic Cameras Affected: V1.01-0bb5b27
    Affected: E1.00.09
    Affected: V1.02.P01
    Affected: V1.05.P01
    Affected: V1.04.P02
    Affected: V1.04
    Affected: V1.01.P02
    Affected: V1.05.P03
    Affected: V1.06
    Affected: V1.02.P02
    Create a notification for this product.
    Date Public
    2018-10-06 00:00
    Credits
    LiquidWorm as Gjoko Krstic of Zero Science Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-25140",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-24T20:12:35.313246Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-24T20:26:09.413Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5490.php"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Thermal Traffic Cameras",
              "vendor": "FLIR Systems, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.01-0bb5b27"
                },
                {
                  "status": "affected",
                  "version": "E1.00.09"
                },
                {
                  "status": "affected",
                  "version": "V1.02.P01"
                },
                {
                  "status": "affected",
                  "version": "V1.05.P01"
                },
                {
                  "status": "affected",
                  "version": "V1.04.P02"
                },
                {
                  "status": "affected",
                  "version": "V1.04"
                },
                {
                  "status": "affected",
                  "version": "V1.01.P02"
                },
                {
                  "status": "affected",
                  "version": "V1.05.P03"
                },
                {
                  "status": "affected",
                  "version": "V1.06"
                },
                {
                  "status": "affected",
                  "version": "V1.02.P02"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
            }
          ],
          "datePublic": "2018-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially initiate denial of service by sending crafted WebSocket messages without authentication."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-24T19:27:47.524Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-45539",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/45539"
            },
            {
              "name": "FLIR Systems Official Website",
              "tags": [
                "product"
              ],
              "url": "https://www.flir.com"
            },
            {
              "name": "Zero Science Lab Disclosure (ZSL-2018-5490)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5490.php"
            }
          ],
          "title": "FLIR Thermal Traffic Cameras V1.01-0bb5b27 Unauthenticated Websocket Device Manipulation",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2018-25140",
        "datePublished": "2025-12-24T19:27:47.524Z",
        "dateReserved": "2025-12-24T14:28:02.434Z",
        "dateUpdated": "2025-12-24T20:26:09.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-25140 (GCVE-0-2018-25140)

    Vulnerability from cvelistv5 – Published: 2025-12-24 19:27 – Updated: 2025-12-24 20:26
    VLAI
    Title
    FLIR Thermal Traffic Cameras V1.01-0bb5b27 Unauthenticated Websocket Device Manipulation
    Summary
    FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially initiate denial of service by sending crafted WebSocket messages without authentication.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    FLIR Systems, Inc. Thermal Traffic Cameras Affected: V1.01-0bb5b27
    Affected: E1.00.09
    Affected: V1.02.P01
    Affected: V1.05.P01
    Affected: V1.04.P02
    Affected: V1.04
    Affected: V1.01.P02
    Affected: V1.05.P03
    Affected: V1.06
    Affected: V1.02.P02
    Create a notification for this product.
    Date Public
    2018-10-06 00:00
    Credits
    LiquidWorm as Gjoko Krstic of Zero Science Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-25140",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-24T20:12:35.313246Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-24T20:26:09.413Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5490.php"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Thermal Traffic Cameras",
              "vendor": "FLIR Systems, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.01-0bb5b27"
                },
                {
                  "status": "affected",
                  "version": "E1.00.09"
                },
                {
                  "status": "affected",
                  "version": "V1.02.P01"
                },
                {
                  "status": "affected",
                  "version": "V1.05.P01"
                },
                {
                  "status": "affected",
                  "version": "V1.04.P02"
                },
                {
                  "status": "affected",
                  "version": "V1.04"
                },
                {
                  "status": "affected",
                  "version": "V1.01.P02"
                },
                {
                  "status": "affected",
                  "version": "V1.05.P03"
                },
                {
                  "status": "affected",
                  "version": "V1.06"
                },
                {
                  "status": "affected",
                  "version": "V1.02.P02"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
            }
          ],
          "datePublic": "2018-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially initiate denial of service by sending crafted WebSocket messages without authentication."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-24T19:27:47.524Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-45539",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/45539"
            },
            {
              "name": "FLIR Systems Official Website",
              "tags": [
                "product"
              ],
              "url": "https://www.flir.com"
            },
            {
              "name": "Zero Science Lab Disclosure (ZSL-2018-5490)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5490.php"
            }
          ],
          "title": "FLIR Thermal Traffic Cameras V1.01-0bb5b27 Unauthenticated Websocket Device Manipulation",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2018-25140",
        "datePublished": "2025-12-24T19:27:47.524Z",
        "dateReserved": "2025-12-24T14:28:02.434Z",
        "dateUpdated": "2025-12-24T20:26:09.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }