Sign In
Advisories

FLIR Brickstream 3D+ 2.1.742.1842 Unauthenticated RTSP Stream Disclosure

Go Back
severity
high
date
Affecting

  • Brickstream 3D+ 2.1.742.1842, 1.0.0, 0.10.33, 0.1.1.47

CWE
  • CWE-306 Missing Authentication for Critical Function
CVSS
8.7
CVSS V4 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Credit
LiquidWorm as Gjoko Krstic of Zero Science Lab
Description
FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can retrieve video stream images by directly accessing multiple image endpoints like middleImage.jpg, rightimage.jpg, and leftimage.jpg.