3 matches found
CVE-2025-60787
Summary: CVE-2025-60787 affects MotionEye versions ≤ 0.43.1b4, enabling OS Command Injection via unsanitized configuration fields such as image_file_name written to /etc/motioneye/camera-*.conf. On restart, the vulnerable Motion process parses these fields as shell commands, leading to Remote Cod...
CVE-2022-25568
Summary of CVE-2022-25568 (MotionEye) : MotionEye versions 0.42.1 and earlier allow unauthenticated attackers to retrieve sensitive configuration data via a GET to /config/list when a regular user password is not configured. The risk arises from insufficient access controls on the /config/list en...
CVE-2021-44255
MotionEye (≤ 0.42.1) and MotionEyeOS (≤ 20200606) expose an authenticated RCE via uploading a configuration backup containing a malicious Python pickle. This allows a remote attacker to execute arbitrary code on the server when the installation is reachable over the Internet with weak/absent auth...