CVE-2022-25568
published 2022-03-24CVE-2022-25568: MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user…
PriorityP357high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
6.83%
93.2th percentile
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| motioneye_project | motioneye | <= 0.42.1 | — |
| motioneye_project | motioneye | >= 0 < 0.43.1b1 | 0.43.1b1 |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect exploitation attempts by monitoring GET requests to /config/list returning HTTP 200 with JSON content-type and body containing both 'upload_password' and 'network_password' fields. ↗
- →Identify exposed MotionEye instances via Shodan using html:"MotionEye" or http.html:"motioneye", and via FOFA using body="motioneye", as potential targets for this unauthenticated config disclosure. ↗
- →Vulnerability is only exploitable when the regular user password is unconfigured (default/blank). Prioritize detection on MotionEye instances with no user authentication set. ↗
- ·Exploitation requires the regular user password to be unconfigured (blank/default). Instances with a user password set are NOT vulnerable. ↗
- ·Affected versions are MotionEye v0.42.1 and below only. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
MotionEye allows attackers to access sensitive information
ghsa·2022-03-25
CVE-2022-25568 [HIGH] CWE-200 MotionEye allows attackers to access sensitive information
MotionEye allows attackers to access sensitive information
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.
OSV
MotionEye allows attackers to access sensitive information
osv·2022-03-25
CVE-2022-25568 [HIGH] MotionEye allows attackers to access sensitive information
MotionEye allows attackers to access sensitive information
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.
OSV
CVE-2022-25568: MotionEye v0
osv·2022-03-24
CVE-2022-25568 CVE-2022-25568: MotionEye v0
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.
No detection rules found.
Nuclei
MotionEye Config Info Disclosure
nuclei·CVSS 7.5
CVE-2022-25568 [HIGH] MotionEye Config Info Disclosure
MotionEye Config Info Disclosure
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.
Template:
id: CVE-2022-25568
info:
name: MotionEye Config Info Disclosure
author: DhiyaneshDK
severity: high
description: |
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.
impact: |
Unauthenticated attackers can access sensitive MotionEye configuration data including upload passwords and network passwords through the /config/list endpoint when regular user authentication is not configured, potentially compromising camera systems
No writeups or analysis indexed.
2022-03-24
Published