What is CVE-2022-25568?

CVE-2022-25568 is a vulnerability in N/a. Published 2022-03-24.

Is CVE-2022-25568 known to be exploited?

9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-25568

MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.

EPSS: 0.853 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

0day404/vulnerability-poc
ARPSyndicate/cvemon
ArrestX/--POC
KayCHENvip/vulnerability-poc
Miraitowa70/POC-Notes
Threekiii/Awesome-POC
XiaomingX/awesome-poc-for-red-team
d4n-sec/d4n-sec.github.io
intercladire/Awesome-POC

References

www.pizzapower.me/2022/02/17/motioneye-config-info-disclosure/ (x_refsource_MISC)
github.com/ccrisan/motioneye/issues/2292 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-25568?: CVE-2022-25568 is a vulnerability in N/a. Published 2022-03-24.
Is CVE-2022-25568 known to be exploited?: 9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.