CVE-2018-25139

Published: Dec 24, 2025Modified: Dec 31, 2025

8.7

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: disclosure@vulncheck.com (Secondary)

Description

FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage.

Affected (2)

Products: Flir: Flir Ax8 Firmware

1 product

Flir Ax8 Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Flir Flir Ax8 Firmware	Version 1.32.16

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Flir Flir Ax8 Firmware	Version 1.17.13

Running on/with	Platform Versions
Flir Flir Ax8	All versions

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (5)

https://www.exploit-db.com/exploits/45606

Source: disclosure@vulncheck.com

ExploitThird Party AdvisoryVDB Entry

https://www.flir.com

Source: disclosure@vulncheck.com

Product

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5492.php

Source: disclosure@vulncheck.com

ExploitThird Party Advisory

https://www.exploit-db.com/exploits/45606

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party AdvisoryVDB Entry

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5492.php

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.