Incorrect Access Control in getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166

CVE-2018-3813 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request.
