FLIR Systems FLIR AX8 Thermal Camera 1.32.16 Hard-coded Credentials Shell Access

Posted on 15 October 2018

FLIR AX8 thermal sensor camera devices version 1.32.16 utilize hard-coded credentials within its Linux distribution image. These sets of credentials (SSH) are never exposed to the end-user and cannot be changed through any normal operation of the camera. Attacker could exploit this vulnerability by logging in using the default credentials for the web panel or gain shell access.