frigate-api-exposure: Frigate NVR - API Exposure

Date: 2026-01-16 | Affected software: Frigate NVR | PoC: Public

Vulnerability Description

Detected an exposed Frigate NVR API, potentially allowing unauthorized access to camera feeds, internal network configuration, and MQTT credentials.

PoC Code [Public]

id: frigate-api-exposure

info:
  name: Frigate NVR - API Exposure
  author: 0x_Akoko
  severity: medium
  description: |
    Detected an exposed Frigate NVR API, potentially allowing unauthorized access to camera feeds, internal network configuration, and MQTT credentials.
  reference:
    - https://frigate.video/
    - https://github.com/blakeblackshear/frigate
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.title:"Frigate"
    fofa-query: title="Frigate"
  tags: frigate,nvr,iot,exposure,camera,config

http:
  - method: GET
    path:
      - "{{BaseURL}}/api/config"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "application/json")'
          - 'contains_all(body, "\"cameras\"", "\"version\"", "\"detectors\"")'
          - 'contains_any(body, "\"mqtt\"", "\"frigate\"", "\"birdseye\"", "\"record\"")'
        condition: and
# digest: 490a004630440220212b952cced6696c071e65b64d12a8550a558b9924515e4c9171f4579ca685ff022040ab3dd80e3bcf7cc430e32b95664b93d94f10805193accb52e1e8e7b2fa73bd:922c64590222798bb761d5b6d8e72950
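
A defender-side check for the exposure this template detects, added here as an example (it is not part of the original page or the template author's code): it scans reverse-proxy access logs for successful reads of `/api/config` by clients outside trusted networks. The combined log format, the trusted network list and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: the reverse proxy in front of Frigate writes nginx/Apache "combined" format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Assumption: networks allowed to read the configuration; adjust to your environment.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in
                ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
192.168.1.20 - - [16/Jan/2026:10:00:01 +0000] "GET /api/config HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
203.0.113.45 - - [16/Jan/2026:10:02:17 +0000] "GET /api/config HTTP/1.1" 200 48211 "-" "curl/8.5.0"
198.51.100.7 - - [16/Jan/2026:10:03:40 +0000] "GET /api/config HTTP/1.1" 401 179 "-" "curl/8.5.0"
203.0.113.45 - - [16/Jan/2026:10:04:02 +0000] "GET /api/config?x=1 HTTP/1.1" 200 48211 "-" "curl/8.5.0"
203.0.113.45 - - [16/Jan/2026:10:05:09 +0000] "GET / HTTP/1.1" 200 912 "-" "curl/8.5.0"
not a log line
"""

def find_untrusted_config_reads(log_text, trusted=TRUSTED_NETS):
    """Return (ip, timestamp, target) for each 200 GET of /api/config from outside `trusted`."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format entry
        path = urlsplit(m["target"]).path  # drop any query string before comparing
        if m["method"] != "GET" or path.rstrip("/") != "/api/config":
            continue
        if m["status"] != "200":
            continue  # a 401/403/404 means the configuration was not served
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # client field is not an IP address
        if any(ip in net for net in trusted):
            continue
        hits.append((str(ip), m["ts"], m["target"]))
    return hits

if __name__ == "__main__":
    for hit in find_untrusted_config_reads(SAMPLE_LOG):
        print(hit)
```
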
