Motioneye Project: >> Motioneye Security Vulnerabilities
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.
CVSS Score
7.2
EPSS Score
0.32
Published
2025-10-03
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.
CVSS Score
7.5
EPSS Score
0.898
Published
2022-03-24
Authenticated remote code execution in MotionEye <= 0.42.1 and MotioneEyeOS <= 20200606 allows a remote attacker to upload a configuration backup file containing a malicious python pickle file which will execute arbitrary code on the server.
CVSS Score
7.2
EPSS Score
0.141
Published
2022-01-31