Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Network endpoint reachable by any viewer so AV:N/AC:L/PR:L/UI:N; credential disclosure gives C:H and resulting admin takeover gives I:H, while direct availability impact is not demonstrated (A:N).
Primary rating from Vendor (github).
CVSS VectorVendor: github
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionCVE.org
Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/{service} endpoint allows any authenticated user including the viewer role to download Frigate and nginx logs, exposing auto-generated admin passwords and camera credentials logged in request query strings and enabling viewer-to-admin privilege escalation. A fixed release has not been identified.
AnalysisAI
{service} endpoint to download raw Frigate and nginx logs. Those logs record request query strings containing auto-generated admin passwords and camera credentials, so a viewer can harvest them and re-authenticate as administrator. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires one valid authenticated Frigate account at the viewer role or higher plus network reachability to the API - the viewer role suffices because GET /api/logs/{service} authenticates but does not enforce role-based authorization. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score is 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N), and the vector is internally consistent with the description: network-reachable, low complexity, low privileges (a valid viewer account), no user interaction, with high confidentiality and integrity impact from credential theft and subsequent admin takeover. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker holding a viewer-role Frigate account (granted, phished, or guessed) logs in and issues GET /api/logs/nginx and GET /api/logs/frigate. The returned logs contain URL query strings holding the auto-generated admin password and camera credentials; the attacker reads them and re-authenticates as administrator, gaining full control of the NVR and its cameras. … |
| Remediation | No vendor-released patched version has been identified at time of analysis, but an upstream fix is available as commits (68e8afd35c76f05f68de47ee9588d2c91796de4b and bd1fc1cc72cd4fa371464a087cbf3d7f3142edc6 in blakeblackshear/frigate); the released, tagged patched version is not independently confirmed, so monitor the advisory at https://github.com/blakeblackshear/frigate/security/advisories/GHSA-c4qf-xxq4-vf55 and upgrade as soon as a fixed release ships, or build from the patched commits if you can validate them. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: rotate all administrator passwords and camera credentials that may have been logged; restrict network access to the Frigate log download endpoint to administrative networks only. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cau
A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescap
An issue was discovered on GL.iNet devices before version 4.5.0. Rated critical severity (CVSS 9.8), this vulnerability
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range fi
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid
Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Rated critical severity (CVSS 9.8
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and
Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows remote attackers to crash worker
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42287