CVE-2022-25568 — AI Deep Analysis Summary

🚨 **Essence**: MotionEye v0.42.1 and below has an **Information Disclosure** flaw. <br>📉 **Consequences**: Attackers can steal sensitive configuration data via a simple GET request to `/config/list`.

🛡️ **Root Cause**: Missing **Access Control** and **Filtering** on the `/config/list` endpoint. <br>🔓 **Flaw**: The application fails to restrict unauthenticated or unauthorized access to this specific API route.

📦 **Affected**: **MotionEye-Project MotionEye**. <br>📅 **Versions**: v0.42.1 and all previous versions. <br>👤 **Developer**: Calin Crisan (Personal Project).

🕵️ **Hackers' Power**: Access **sensitive information** (likely credentials/configs). <br>🔑 **Data Type**: Configuration details exposed via the `/config/list` GET request.

⚠️ **Threshold**: **Medium/Low**. <br>🔑 **Condition**: Exploitation requires a **regular user password to be unconfigured** (disabled/empty). If password is set, this specific vector may be blocked.

🌐 **Public Exp?**: **Yes**. <br>📜 **PoC**: Available via **Nuclei Templates** and **Awesome-POC** repositories on GitHub. Easy to automate.

🔍 **Self-Check**: Scan for the endpoint `/config/list`. <br>📡 **Method**: Send a **GET request**. If sensitive data is returned without proper auth, you are vulnerable. Use tools like Nuclei.

🛠️ **Official Fix**: The data implies the issue is in v0.42.1 and below. <br>✅ **Action**: Check for **updates** to the latest version from the official GitHub repository (ccrisan/motioneye).

🚧 **No Patch?**: **Workaround**: Ensure a **strong password is configured** for regular users. <br>🔒 **Mitigation**: Restrict access to `/config/list` via **Firewall/WAF** rules if possible.

🔥 **Urgency**: **High Priority** (if password is empty). <br>⚡ **Reason**: Easy exploitation via public PoC. If your instance has no password set, patch **IMMEDIATELY**.