python · motioneye · Critical
motionEye Remote Code Execution via Multi-Stage Chain
What changed
A multi-stage chain in motionEye leads to remote code execution via LFI, pass-the-hash admin auth, unsafe config restore, and unauthenticated action execution.
Who it affects
All motionEye installations with at least one local motion camera. RCE is unauthenticated if the normal user's password is unset; otherwise it is authenticated RCE requiring normal user credentials.
What to do today
Apply the suggested fixes: block absolute paths in get_media_content(), remove hash-based signature acceptance, harden the config restore, and require authentication on ActionHandler.
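One way to implement the first fix, as an added example that is not motionEye's own code: `resolve_media_path` is a hypothetical helper, and it assumes the requested file name is joined onto the camera's media directory before the file is read. It goes slightly beyond absolute paths and also rejects `..` and symlink escapes.

```python
import os
import tempfile


def resolve_media_path(target_dir, requested):
    """Return the real path of `requested` inside `target_dir`, or raise ValueError.

    Hypothetical helper for illustration; not part of motionEye.
    """
    # os.path.join(base, "/etc/passwd") silently discards `base`,
    # so an absolute request must be refused before any join.
    if os.path.isabs(requested):
        raise ValueError("absolute path not allowed")
    base = os.path.realpath(target_dir)
    # realpath collapses ".." and follows symlinks before the containment check.
    full = os.path.realpath(os.path.join(base, requested))
    # commonpath compares whole components, so "/media/cam1" does not
    # match "/media/cam10" the way a plain startswith() check would.
    if os.path.commonpath([base, full]) != base:
        raise ValueError("path escapes media directory")
    return full


def demo():
    """Run three constructed requests against a throwaway media directory."""
    with tempfile.TemporaryDirectory() as root:
        media = os.path.join(root, "camera1")
        os.makedirs(os.path.join(media, "2024-01-01"))
        open(os.path.join(media, "2024-01-01", "12-00-00.mp4"), "wb").close()
        outside = os.path.join(root, "secret.conf")  # file outside the media dir
        open(outside, "w").close()
        requests = [
            ("relative", "2024-01-01/12-00-00.mp4"),
            ("absolute", outside),
            ("traversal", "../secret.conf"),
        ]
        results = {}
        for name, req in requests:
            try:
                resolve_media_path(media, req)
                results[name] = "allowed"
            except ValueError as exc:
                results[name] = str(exc)
        return results


if __name__ == "__main__":
    print(demo())
```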