Vulnerabilities > CVE-2022-25568 - Insecure Default Initialization of Resource vulnerability in Motioneye Project Motioneye

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
motioneye-project
CWE-1188

Summary

MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.

Vulnerable Configurations

Part Description Count
Application
Motioneye_Project
69