94 matches found
GHSA-G5MQ-PRX7-C588 motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution
Summary Using a constructed camera device path with the config/add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute any UNIX shell code within a non-interactive shell as executing user of the motionEye instance, motion by default. function call stack...
motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution
Summary Using a constructed camera device path with the config/add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute any UNIX shell code within a non-interactive shell as executing user of the motionEye instance, motion by default. function call stack...
Remote Code Execution (RCE)
motioneye is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper validation of the constructed camera device path in the add/addcamera web API, which allows an attacker with admin credentials to execute arbitrary commands...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the addcamera API. An attacker with admin credentials can execute arbitrary commands within a non-interactive shell environment by constructing a malicious device path. This is only exploitable if the attacker has...
CVE-2025-47782
motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...
PYSEC-2025-39
motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...
PYSEC-2025-39
motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...
CVE-2025-47782
MotionEye vulnerability CVE-2025-47782: in versions 0.43.1b1–0.43.1b3, an attacker with admin credentials can trigger remote code execution by crafting a malicious device path via the add/add_camera API, allowing arbitrary shell commands to run as the motion user. Root cause: unsafe command execu...
CVE-2025-47782 motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution
motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...
CVE-2025-47782 motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution
motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...
CVE-2025-47782 motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution
motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...
PT-2025-21180 · Motioneye · Motioneye
Name of the Vulnerable Software and Affected Versions: motionEye versions 0.43.1b1 through 0.43.1b3 Description: The issue allows an attacker with admin user credentials to execute any command within a non-interactive shell as the motionEye run user, motion by default, by using a constructed devi...
motionEye 操作系统命令注入漏洞
motionEye is a daemon web front-end for motionEye open source. A security vulnerability exists in motionEye versions 0.43.1b1 through 0.43.1b3, which stems from a constructed device path that could lead to the execution of arbitrary commands as the motion user...
Information Disclosure
motioneye is vulnerable to information disclosure. The vulnerability exists due to an insecure access control allowing an attacker to access sensitive information via the GET request to web API /config/list endpoint when a user's password is not configured...
GHSA-2C7W-V459-CWGF MotionEye allows attackers to access sensitive information
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured...
MotionEye allows attackers to access sensitive information
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured...
CVE-2022-25568
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured...
CVE-2022-25568
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured...
PYSEC-2022-43141
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured...
PYSEC-2022-43141
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured...