CVE-2023-26035

Published: 25/02/2023 Updated: 14/11/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

ZoneMinder is a free, open source closed-circuit television software application for Linux which supports IP, USB and analog cameras. Versions before 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There is no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in versions 1.36.33 and 1.37.33.

Vulnerable Product

zoneminder zoneminder

Vendor Advisories

Check Point Reference: CPAI-2023-1240 Date Published: 26 Nov 2023 Severity: Critical ...

Exploits

ZoneMinder Snapshots versions prior to 1.37.33 suffer from an unauthenticated remote code execution vulnerability ...

Github Repositories

Exploit for CVE-2023-26035 affecting ZoneMinder < 1.36.33 and < 1.37.33

Exploit - ZoneMinder CVE-2023-26035. There is an Unauthenticated Remote Code Execution (RCE) affecting ZoneMinder Snapshots. This is an exploit for CVE-2023-26035. Affected versions: ZoneMinder < 1.36.33 and ZoneMinder < 1.37.33. Usage: Check if the target is vulnerable: python3 zoneminder.py target Execute a command pyt

Unauthenticated RCE in ZoneMinder Snapshots - Poc Exploit

CVE-2023-26035 Unauthenticated RCE in ZoneMinder Snapshots - PoC Exploit. Description: ZoneMinder versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution due to missing authorization checks in the snapshot action. Usage: git clone github.com/rvizx/CVE-2023-26035 cd CVE-2023-26035 python3 exploit.py

POC script for CVE-2023-26035 (zoneminder 1.36.32)

POC for CVE-2023-26035. Works for ZoneMinder (versions prior to 1.36.33 and 1.37.33). Vulnerability: Remote Code Execution (RCE). Usage: └─➜ python3 poc.py -h usage: poc.py [-h] --target TARGET --cmd CMD poc.py: error: the following arguments are required: --target, --cmd Curl Before jumping to rev shell, try this first, if you ge

This is a script written in Python that allows the exploitation of the Zoneminder's security flaw described in CVE 2023-26035.

Zoneminder Unauthenticated RCE via Snapshots (CVE-2023-26035) POC. This is a script written in Python that allows the exploitation of the Zoneminder's security flaw described in CVE 2023-26035. The system is vulnerable in versions preceding 1.36.33 and 1.37.33. Usage: Clone the repository to your machine and install the dependencies using pip (it is recommended to use

ZoneMinder Snapshots - Unauthenticated

CVE-2023-26035 ZoneMinder Snapshots - Unauthenticated. Install: Grab Repo $ git clone github.com/Yuma-Tsushima07/CVE-2023-26035.git Setup Note: Install the latest version of node $ npm init $ npm i axios cheerio yargs Usage ┌─[✗]─[v37r1x@7h3B14ckKn1gh75]─[~/Documents/Code/CVE-2023-