FLIR Systems Thermal Imaging Cameras
NJCCIC Alert
Original Release Date: 2017-10-12
Security Researcher Gjoko Krstic of Zero Science Labs discovered hard-coded SSH credentials in FLIR Systems thermal imaging cameras that could be used by threat actors to gain unauthorized access to the affected devices. Krstic also found four other vulnerabilities, the most severe of which could provide threat actors with root privileges. The affected camera models include: FC-Series S (FC-334-NTSC), FC-Series ID, FC-Series R, PT-Series (PT-334 200562), D-Series, and F-Series. The proof-of-concept code and the hardcoded credentials have been made publicly available.
The NJCCIC recommends all users and administrators of the affected cameras review Krstic’s report, place cameras behind a firewall to prevent external access, and update the device if a patch becomes available.
Featured Content
- Disaster Relief and Tragedy-Related Scams>
- Flaw in Cosmo DB Could Allow Access to Databases>
- Threat Actors Use Messaging Service as Phishing Lure>
- Back-to-School Cybersecurity>
- Patch Now: Active Exploitation of Microsoft Exchange ProxyShell Vulnerabilities >
- T-Mobile Breach>
- Test Your Cybersecurity Knowledge - Take Our Cyber Quiz Today>
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.