CVE-2022-25568
N/A
N/A
Summary
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.pizzapower.me/2022/02/17/motioneye-config-info-disclosure/
- https://github.com/ccrisan/motioneye/issues/2292
References
- https://www.pizzapower.me/2022/02/17/motioneye-config-info-disclosure/
- https://github.com/ccrisan/motioneye/issues/2292
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.