Exploits / Vulnerability Discovered : 2018-10-15 |
Type : webapps |
Platform : hardware
This exploit / vulnerability Flir brickstream 3d+ 2.1.742.1842 config file disclosure is for educational purposes only and if it is used you will do on your own risk!
# Desc: The FLIR Brickstream 3D+ sensor is vulnerable to unauthenticated config
# download and file disclosure vulnerability when calling the ExportConfig REST
# API (getConfigExportFile.cgi). This will enable the attacker to disclose sensitive
# information and help her in authentication bypass, privilege escalation and/or
# full system access.