CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
82.9%
getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request.
Vendor | Product | Version | CPE |
---|---|---|---|
flir | brickstream_2300_2d_firmware | 2.0_4.1.53.166 | cpe:2.3:o:flir:brickstream_2300_2d_firmware:2.0_4.1.53.166:*:*:*:*:*:*:* |
flir | brickstream_2300_2d | - | cpe:2.3:h:flir:brickstream_2300_2d:-:*:*:*:*:*:*:* |
flir | brickstream_2300_3d_firmware | 2.0_4.1.53.166 | cpe:2.3:o:flir:brickstream_2300_3d_firmware:2.0_4.1.53.166:*:*:*:*:*:*:* |
flir | brickstream_2300_3d | - | cpe:2.3:h:flir:brickstream_2300_3d:-:*:*:*:*:*:*:* |
flir | brickstream_2300_3d\+_firmware | 2.0_4.1.53.166 | cpe:2.3:o:flir:brickstream_2300_3d\+_firmware:2.0_4.1.53.166:*:*:*:*:*:*:* |
flir | brickstream_2300_3d\+ | - | cpe:2.3:h:flir:brickstream_2300_3d\+:-:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
82.9%