CVE-2018-25139

Exploit

EPSS 0.19%
Veröffentlicht 24.12.2025 19:27:47
Zuletzt bearbeitet 31.12.2025 18:40:36
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Flir ≫ Flir Ax8 Firmware Version1.32.16

Flir ≫ Flir Ax8 Version-

Flir ≫ Flir Ax8 Firmware Version1.17.13

Flir ≫ Flir Ax8 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.407

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
disclosure@vulncheck.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://www.flir.com

Product

https://www.exploit-db.com/exploits/45606

Third Party Advisory

Exploit

VDB Entry

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5492.php

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2018-25139

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-25139

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-25139

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-25139