https://z3r0s6.github.io/tags/zoneminder/Recent content in ZoneMinder on z3r0sHugoenSun, 01 Mar 2026 00:00:00 +0000https://z3r0s6.github.io/machines/cctv/Sun, 01 Mar 2026 00:00:00 +0000https://z3r0s6.github.io/machines/cctv/<table> <thead> <tr> <th>Field</th> <th>Value</th> </tr> </thead> <tbody> <tr> <td>Difficulty</td> <td>Easy</td> </tr> <tr> <td>OS</td> <td>Linux (Ubuntu 24.04)</td> </tr> <tr> <td>CVE</td> <td>CVE-2024-51482</td> </tr> </tbody> </table> <hr> <h2 id="summary"> Summary <a class="heading-link" href="#summary"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>CCTV is an Easy Linux machine running ZoneMinder, a CCTV management web application. The attack chain involves exploiting a boolean-based SQL injection vulnerability (CVE-2024-51482) to enumerate the database and dump credentials, then pivoting through an internal Motion/MotionEye camera stack via command injection in the <code>picture_filename</code> parameter to gain a root shell.</p>