CVE-2022-29806

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ZoneMinder versions prior to 1.36.13

Description The issue is related to incorrect restriction of a directory path with limited access in ZoneMinder, a video surveillance software. This can be exploited by a remote attacker to execute arbitrary code by sending a specially crafted file to the server. The vulnerability can be exploited via an invalid language, which contributes to its exploitability.

Recommendations For versions prior to 1.36.13, update to version 1.36.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the language settings to minimize the risk of exploitation.

Exploit

Fix

RCE

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

ALT-PU-2022-2575

ALT-PU-2022-2771

ALT-PU-2023-7284

BDU:2023-01774

CVE-2022-29806

USN-5889-1

Affected Products

Alt Linux

Debian

Linuxmint

Ubuntu

Zoneminder

CVE-2022-29806

Weakness Enumeration

Related Identifiers

Affected Products

References · 38