CVE-2025-60787
- EPSS 65.96%
- Veröffentlicht 03.10.2025 00:00:00
- Zuletzt bearbeitet 10.10.2025 16:22:30
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to ac...
CVE-2025-47782
- EPSS 0.09%
- Veröffentlicht 14.05.2025 16:15:29
- Zuletzt bearbeitet 16.05.2025 14:43:56
motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed (camera) device path with the `add`/`add_camera` motionEye web API allows an atta...
CVE-2022-25568
- EPSS 85.31%
- Veröffentlicht 24.03.2022 17:15:08
- Zuletzt bearbeitet 21.11.2024 06:52:22
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.
CVE-2021-44255
- EPSS 13.64%
- Veröffentlicht 31.01.2022 12:15:07
- Zuletzt bearbeitet 21.11.2024 06:30:40
Authenticated remote code execution in MotionEye <= 0.42.1 and MotioneEyeOS <= 20200606 allows a remote attacker to upload a configuration backup file containing a malicious python pickle file which will execute arbitrary code on the server.