CVE-2021-44255

Authenticated remote code execution in MotionEye <= 0.42.1 and MotioneEyeOS <= 20200606 allows a remote attacker to upload a configuration backup file containing a malicious python pickle file which will execute arbitrary code on the server. Date published : 2022-01-31 https://github.com/ccrisan/motioneyeos/issues/2843

https://www.pizzapower.me/2021/10/09/self-hosted-security-part-1-motioneye/