Lucene search
+L

99 matches found

Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.5 views

PT-2025-40530

Name of the Vulnerable Software and Affected Versions MotionEye versions 0.43.1b4 and earlier Description MotionEye is susceptible to a command injection issue that allows attackers to achieve Remote Code Execution RCE. The vulnerability arises because MotionEye writes user-supplied values direct...

7.2CVSS6.1AI score0.18993EPSS
Exploits17References20
CVE
CVE
added 2025/10/03 12:0 a.m.215 views

CVE-2025-60787

Summary: CVE-2025-60787 affects MotionEye versions ≤ 0.43.1b4, enabling OS Command Injection via unsanitized configuration fields such as image_file_name written to /etc/motioneye/camera-*.conf. On restart, the vulnerable Motion process parses these fields as shell commands, leading to Remote Cod...

7.2CVSS7.5AI score0.18993EPSS
Exploits17References1Affected Software1
OSV
OSV
added 2025/10/03 12:0 a.m.7 views

CVE-2025-60787

MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as imagefilename. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted...

7.2CVSS7.9AI score0.18993EPSS
Exploits17References3
RedhatCVE
RedhatCVE
added 2025/05/23 12:6 a.m.5 views

CVE-2022-25568

MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured...

7.5CVSS6.5AI score0.06829EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/16 4:9 p.m.12 views

CVE-2025-47782

motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...

9.3CVSS7.3AI score0.00424EPSS
Exploits0References1
OSV
OSV
added 2025/05/15 4:10 p.m.9 views

GHSA-G5MQ-PRX7-C588 motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution

Summary Using a constructed camera device path with the config/add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute any UNIX shell code within a non-interactive shell as executing user of the motionEye instance, motion by default. function call stack...

9.3CVSS7.2AI score0.00424EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/05/15 4:10 p.m.34 views

motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution

Summary Using a constructed camera device path with the config/add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute any UNIX shell code within a non-interactive shell as executing user of the motionEye instance, motion by default. function call stack...

9.3CVSS7.3AI score0.00424EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2025/05/15 8:33 a.m.10 views

Remote Code Execution (RCE)

motioneye is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper validation of the constructed camera device path in the add/addcamera web API, which allows an attacker with admin credentials to execute arbitrary commands...

9.3CVSS8AI score0.00424EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2025/05/14 4:44 p.m.3 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the addcamera API. An attacker with admin credentials can execute arbitrary commands within a non-interactive shell environment by constructing a malicious device path. This is only exploitable if the attacker has...

9.8CVSS7.9AI score0.00424EPSS
Exploits0References2
NVD
NVD
added 2025/05/14 4:15 p.m.16 views

CVE-2025-47782

motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...

9.3CVSS0.00424EPSS
Exploits0References3
PyPA
PyPA
added 2025/05/14 4:15 p.m.10 views

PYSEC-2025-39

motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...

9.3CVSS7.3AI score0.00424EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/05/14 4:15 p.m.6 views

PYSEC-2025-39

motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...

9.3CVSS7.5AI score0.00424EPSS
Exploits0References3
CVE
CVE
added 2025/05/14 3:54 p.m.66 views

CVE-2025-47782

MotionEye vulnerability CVE-2025-47782: in versions 0.43.1b1–0.43.1b3, an attacker with admin credentials can trigger remote code execution by crafting a malicious device path via the add/add_camera API, allowing arbitrary shell commands to run as the motion user. Root cause: unsafe command execu...

9.3CVSS7.5AI score0.00424EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/05/14 3:54 p.m.14 views

CVE-2025-47782 motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution

motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...

9.3CVSS7.3AI score0.00424EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/05/14 3:54 p.m.32 views

CVE-2025-47782 motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution

motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...

9.3CVSS0.00424EPSS
Exploits0References3
OSV
OSV
added 2025/05/14 3:54 p.m.8 views

CVE-2025-47782 motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution

motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...

9.3CVSS6.9AI score0.00424EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/05/14 12:0 a.m.5 views

motionEye 操作系统命令注入漏洞

motionEye is a daemon web front-end for motionEye open source. A security vulnerability exists in motionEye versions 0.43.1b1 through 0.43.1b3, which stems from a constructed device path that could lead to the execution of arbitrary commands as the motion user...

9.3CVSS6.8AI score0.00424EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/05/14 12:0 a.m.7 views

PT-2025-21180 · Motioneye · Motioneye

Name of the Vulnerable Software and Affected Versions: motionEye versions 0.43.1b1 through 0.43.1b3 Description: The issue allows an attacker with admin user credentials to execute any command within a non-interactive shell as the motionEye run user, motion by default, by using a constructed devi...

9.3CVSS6.8AI score0.00424EPSS
Exploits0References14
Veracode
Veracode
added 2022/03/25 3:52 a.m.7 views

Information Disclosure

motioneye is vulnerable to information disclosure. The vulnerability exists due to an insecure access control allowing an attacker to access sensitive information via the GET request to web API /config/list endpoint when a user's password is not configured...

7.5CVSS6.3AI score0.06829EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/03/25 12:0 a.m.8 views

GHSA-2C7W-V459-CWGF MotionEye allows attackers to access sensitive information

MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured...

7.5CVSS7.4AI score0.06829EPSS
Exploits1References6
Rows per page
Query Builder