📄 Frigate NVR 0.16.3 Remote Command Execution

This Python exploit targets a critical configuration manipulation vulnerability in Frigate NVR versions up to 0.16.3 both authenticated and unauthenticated paths. By injecting a malicious go2rtc stream and a fake camera entry, it triggers arbitrary command execution as the Frigate process during...

Exploit for Improper Privilege Management in Frigate

Frigate NVR ≤ 0.16.3 Blind RCE Exploit CVE-2026-25643 PoC...

Tattile Smart+ 访问控制错误漏洞

Tattile Smart+ is a smart license plate recognition camera developed by the Italian company Tattile. Tattile Smart+, Vega, and Basic 1.181.5 and earlier versions have an access control vulnerability. This vulnerability stems from the fact that RTSP streams do not require authentication, which may...

Tattile Smart+ 代码问题漏洞

Tattile Smart+ is a smart license plate recognition camera developed by the Italian company Tattile. There are code-related vulnerabilities in Tattile Smart+, Vega, and Basic 1.181.5 and earlier versions. These vulnerabilities stem from an inadequate mechanism for handling expired authentication...

CVE-2026-2821

CVE-2026-2821 affects Fujian Smart Integrated Management Platform System up to version 7.5. An issue in the /Module/CRXT/Controller/XCamera.ashx handler allows altering the ChannelName argument to trigger a SQL injection. This enables remote exploitation with no authentication required and has pu...

FLIR Systems AX8 Cameras Use of Hard-coded Credentials (CVE-2018-25138)

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...

FLIR Systems AX8 Cameras Command Injection (CVE-2025-5126)

A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. Performing manipulation of the argument year/month/day/hour/minute results in command injection. The attack may be...

FLIR Systems AX8 Cameras Incorrect Privilege Assignment (CVE-2024-3013)

A flaw has been found in Teledyne FLIR AX8 up to 1.46.16. The impacted element is an unknown function of the file /tools/testlogin.php?action=register of the component User Registration. Executing manipulation can lead to improper authorization. The attack may be performed from remote. The exploi...

FLIR Systems AX8 Cameras Path Traversal (CVE-2023-51127)

FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. This vulnerability allows an unauthenticated, remote attacker to obtain arbitrary sensitive file contents by uploading a specially crafted symbolic link file. NOTE...

FLIR Systems AX8 Cameras OS Command Injection (CVE-2022-37061)

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...

CVE-2019-25354

iSmartViewPro 1.3.34 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the camera ID input field. Attackers can paste a 257-character buffer into the camera DID and password fields to trigger an application crash on iOS devices...

CVE-2019-25354

The CVE-2019-25354 entry concerns iSmartViewPro version 1.3.34, where a denial-of-service vulnerability can crash the app by overflowing the camera ID input field. The issue can be triggered when a user pastes a 257-character buffer into the camera DID and password fields, causing a crash on iOS ...

CVE-2019-25354 iSmartViewPro 1.3.34 - Denial of Service

iSmartViewPro 1.3.34 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the camera ID input field. Attackers can paste a 257-character buffer into the camera DID and password fields to trigger an application crash on iOS devices...

CVE-2019-25354 iSmartViewPro 1.3.34 - Denial of Service

iSmartViewPro 1.3.34 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the camera ID input field. Attackers can paste a 257-character buffer into the camera DID and password fields to trigger an application crash on iOS devices...

PT-2026-20529

iSmartViewPro 1.3.34 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the camera ID input field. Attackers can paste a 257-character buffer into the camera DID and password fields to trigger an application crash on iOS devices...

Smarteye iSmartViewPro 安全漏洞

Smarteye iSmartViewPro is a remote monitoring application for webcams developed by Smarteye Company in China. Version 1.3.34 of Smarteye iSmartViewPro contains a security vulnerability. This vulnerability allows attackers to cause the application to crash by entering the camera ID field,...

Hobby coder accidentally creates vacuum robot army

Sammy Azdoufal wanted to steer his robot vacuum with a PS5 controller. Like any good maker, he thought it would be fun to drive a new DJI Romo around manually. He ended up gaining access to an army of robotic cleaners that gave him eyes into thousands of homes. Driven by purely playful reasons,...

Honeywell HIB2PI CCTV Camera (Update B)

RISK EVALUATION Successful exploitation of this vulnerability could lead to account takeovers and unauthorized access to camera feeds; an unauthenticated attacker may change the recovery email address, potentially leading to further network compromise. 2. RECOMMENDED PRACTICES CISA recommends...

CVE-2020-37175

P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. Attackers can paste a 257-character buffer into the Camera ID field to trigger an application crash on iOS devices...

CVE-2020-37175 P2PWIFICAM2 for iOS 10.4.1 - 'Camera ID' Denial of Service

P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. Attackers can paste a 257-character buffer into the Camera ID field to trigger an application crash on iOS devices...