Vendor
An attacker can chain multiple vulnerabilities in motionEye, including an arbitrary file read (LFI), a signature bypass using password hashes, and an unsafe configuration restore, to achieve unauthenticated remote code execution (RCE) if the normal user password is unset, or authenticated RCE from a normal user account.