CVE-2022-25568

Published March 24th, 2022

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.

motioneye-project/motioneye

A web frontend for the motion daemon.

GitHub

4.6K