CVE-2023-26035
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2023-26035. We'll provide specific mitigation strategies based on your environment and risk profile.
CVSS Score
V3.1EPSS Score
v2025.03.14There is a 44.3% chance that this vulnerability will be exploited in the wild within the next 30 days.
Attack Vector Metrics
Impact Metrics
Description
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.
Available Exploits
ZoneMinder Snapshots - Command Injection
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id.
References:
- https://www.rapid7.com/db/modules/exploit/unix/webapp/zoneminder_snapshots/
- https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-72rg-h4vf-29gr
- https://packetstormsecurity.com/files/175675/ZoneMinder-Snapshots-Command-Injection.html
- https://github.com/rvizx/CVE-2023-26035
- https://nvd.nist.gov/vuln/detail/CVE-2023-26035