FLIR AX8 Thermal Camera 1.32.16 Unauthenticated RTSP Stream Disclosure

Advisories

severity: high
date: December 24, 2025
Affecting: FLIR AX8 Thermal Camera 1.32.16
CVE: CVE-2018-25139
CWE: CWE-306 Missing Authentication for Critical Function
CVSS: 8.7
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
References: ExploitDB-45606
FLIR Systems Official Product Homepage
Zero Science Lab Disclosure (ZSL-2018-5492)
Credit: LiquidWorm as Gjoko Krstic of Zero Science Lab
Description: FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage.