CVE-2022-25568
published 2022-03-24


Priority: P3 (57), high · CVSS 3.1 base score: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploit: flagged
EPSS: 6.83% (93.2nd percentile)
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.

Affected (2 ranges)

Vendor             Product    Version range        Fixed in
motioneye_project  motioneye  <= 0.42.1            -
motioneye_project  motioneye  >= 0, < 0.43.1b1     0.43.1b1

Detection & IOCs (extracted from sources)

url:   /config/list
path:  /config/list
other: upload_password
other: network_password
  • Detect exploitation attempts by monitoring GET requests to /config/list returning HTTP 200 with JSON content-type and body containing both 'upload_password' and 'network_password' fields.
  • Identify exposed MotionEye instances via Shodan using html:"MotionEye" or http.html:"motioneye", and via FOFA using body="motioneye", as potential targets for this unauthenticated config disclosure.
  • The vulnerability is only exploitable when the regular user password is unconfigured (default/blank). Prioritize detection on MotionEye instances with no user authentication set.
  • Exploitation requires the regular user password to be unconfigured (blank/default). Instances with a user password set are NOT vulnerable.
  • Affected versions are MotionEye v0.42.1 and below only.

CVSS provenance

NVD · CVSS v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD · CVSS v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:P/I:N/A:N