Zoneminder is a project maintained by Xeoma. Xeoma is a closed source application that is not affected by this issue. Zoneminder is a free, open source application which is not affected by this issue. Xeoma can be downloaded from https://www.xeoma.com/en/ The source code for Xeoma can be downloaded from https://github.com/Xeoma/Xeoma

Summary of the Zoneminder VPN Issue

An issue was found in Zoneminder before version 2.33.0 which allows an attacker to connect to the victim's system when the victim is using a VPN and performing certain operations, including adding or removing a user or changing the administrator password.
Vulnerable versions:
- Zoneminder 2.32.4 and earlier
- Zoneminder for Raspberry Pi (Linux) 1.3 and earlier
The vulnerability was fixed in 2.33.1, 2.33.2, 2.33.3 and later releases of Zoneminder.

Timeline

Published on: 10/07/2022 21:15:00 UTC
Last modified on: 10/11/2022 16:41:00 UTC

References