FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can retrieve video stream images by directly accessing multiple image endpoints like middleImage.jpg, rightimage.jpg, and leftimage.jpg.
PUBLISHED | 5.2 | CWE-306
FLIR Brickstream 3D+ 2.1.742.1842 Unauthenticated RTSP Stream Disclosure
Problem type
Affected products
FLIR Systems, Inc.
Brickstream 3D+
2.1.742.1842 - AFFECTED
1.0.0 - AFFECTED
0.10.33 - AFFECTED
0.1.1.47 - AFFECTED
References
ExploitDB-45607
https://www.exploit-db.com/exploits/45607
FLIR Brickstream Product Homepage
http://www.brickstream.com
Zero Science Lab Disclosure (ZSL-2018-5496)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5496.php
GitHub Security Advisories
GHSA-rjwj-m7w5-fr82
https://github.com/advisories/GHSA-rjwj-m7w5-fr82
JSON source
https://cveawg.mitre.org/api/cve/CVE-2018-25136
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2018-25136",
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"dateUpdated": "2025-12-24T20:26:35.205Z",
"dateReserved": "2025-12-24T14:28:02.433Z",
"datePublished": "2025-12-24T19:27:45.779Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck",
"dateUpdated": "2025-12-24T19:27:45.779Z"
},
"datePublic": "2018-07-26T00:00:00.000Z",
"title": "FLIR Brickstream 3D+ 2.1.742.1842 Unauthenticated RTSP Stream Disclosure",
"descriptions": [
{
"lang": "en",
"value": "FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can retrieve video stream images by directly accessing multiple image endpoints like middleImage.jpg, rightimage.jpg, and leftimage.jpg."
}
],
"affected": [
{
"vendor": "FLIR Systems, Inc.",
"product": "Brickstream 3D+",
"versions": [
{
"version": "2.1.742.1842",
"status": "affected"
},
{
"version": "1.0.0",
"status": "affected"
},
{
"version": "0.10.33",
"status": "affected"
},
{
"version": "0.1.1.47",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Missing Authentication for Critical Function",
"cweId": "CWE-306",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.exploit-db.com/exploits/45607",
"name": "ExploitDB-45607",
"tags": [
"exploit"
]
},
{
"url": "http://www.brickstream.com",
"name": "FLIR Brickstream Product Homepage",
"tags": [
"product"
]
},
{
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5496.php",
"name": "Zero Science Lab Disclosure (ZSL-2018-5496)",
"tags": [
"third-party-advisory"
]
}
],
"metrics": [
{
"format": "CVSS"
},
{
"format": "CVSS",
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
}
],
"credits": [
{
"lang": "en",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab",
"type": "finder"
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-12-24T20:26:35.205Z"
},
"title": "CISA ADP Vulnrichment",
"references": [
{
"url": "https://www.exploit-db.com/exploits/45607",
"tags": [
"exploit"
]
},
{
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5496.php",
"tags": [
"exploit"
]
}
],
"metrics": [
{}
]
}
]
}
}