Frigate Network Video Recorder Vulnerable to CSRF Attacks

CVE: CVE-2023-45670
CVSS v3.1: 7.5
Source: CVE-2023-45670

Frigate, an open source network video recorder, was found to have a vulnerability that could allow attackers to make unauthorized changes to its configuration.

The issue lies in the lack of CSRF (Cross-Site Request Forgery) protection in the Frigate API endpoints used for saving and updating configurations. An attacker could trick an authenticated Frigate user into clicking a malicious link, which would then perform actions on the user's account without their knowledge or consent.
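The kind of check whose absence the paragraph above describes, as an added example (not Frigate's code and not its fix): a state-changing request is accepted only if the browser-supplied Origin or Referer matches the recorder's own origin and the request carries a per-session token. The origin `https://nvr.example`, the `X-CSRF-Token` header name and the sample requests are assumptions constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

def new_csrf_token() -> str:
    """Per-session random token that the UI echoes back in a request header."""
    return secrets.token_urlsafe(32)

def _origin_of(url: str) -> str:
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()

def csrf_check(method, headers, session_token, trusted_origins):
    """Return (allowed, reason) for one request to a state-changing API."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    hdrs = {k.lower(): v for k, v in headers.items()}
    # 1. The browser-set Origin (or Referer) must be the recorder's own origin.
    source = hdrs.get("origin") or hdrs.get("referer")
    if not source:
        return False, "no Origin or Referer"
    if _origin_of(source) not in trusted_origins:
        return False, "cross-site origin"
    # 2. A cross-site page cannot read the session token, so it cannot send it.
    sent = hdrs.get("x-csrf-token", "")
    if not session_token or not hmac.compare_digest(
            sent.encode(), session_token.encode()):
        return False, "bad CSRF token"
    return True, "ok"

# Constructed sample requests against a hypothetical config-save endpoint.
TRUSTED = {"https://nvr.example"}
TOKEN = new_csrf_token()
SAMPLES = [
    ("POST", {"Origin": "https://attacker.example"}),  # forged cross-site post
    ("POST", {"Origin": "https://nvr.example"}),       # same origin, no token
    ("POST", {"Referer": "https://nvr.example/config", "X-CSRF-Token": TOKEN}),
    ("POST", {"Origin": "https://nvr.example", "X-CSRF-Token": TOKEN}),
    ("GET", {}),                                       # read-only request
]

def run_samples():
    return [csrf_check(m, h, TOKEN, TRUSTED) for m, h in SAMPLES]

if __name__ == "__main__":
    for (method, _), (ok, why) in zip(SAMPLES, run_samples()):
        print(f"{method:5} {'ALLOW' if ok else 'DENY'}  {why}")
```

The safe-method shortcut only holds if GET requests never change state; an endpoint that saves configuration on GET would bypass the check entirely.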

While exploiting the vulnerability requires the Frigate instance to be publicly accessible on the internet and the attacker to know specific details about the target user’s setup, it is still a risk. A victim clicking a link or button on a malicious website could allow an attacker to make changes like disabling security features, altering recordings or extracting private footage.

To stay protected, Frigate users should update to the latest version that fixes this issue. It is also recommended not to expose the video recorder to the public internet if possible, and to use strong, unique credentials. General security best practices, such as avoiding untrusted links and being wary of unsolicited messages, also apply.

Keeping software updated and access limited are effective ways of blocking exploits of vulnerabilities like CSRF issues in video surveillance tools. Staying vigilant against social engineering tricks used by attackers is important as well.
