CVE-2022-37109

CRITICAL

camp_project camp < 2022-07-21 - Insufficiently Protected Credentials via StaticFileHandler

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-37109. PoCs published by Elias Hohl.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass in the 'camp' Raspberry Pi camera server by leveraging path traversal to retrieve the password hash and then crafting a signed cookie to bypass login requirements.

Description

patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the Tornado rule to throw a 403 error when password.txt is accessed can be bypassed. Furthermore, it is not necessary to crack the password hash to authenticate with the application because the password hash is also used as the cookie secret, so an attacker can generate his own authentication cookie.

Exploits (1)

exploitdb WORKING POC

by Elias Hohl · textwebappspython

https://www.exploit-db.com/exploits/51041

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass in the 'camp' Raspberry Pi camera server by leveraging path traversal to retrieve the password hash and then crafting a signed cookie to bypass login requirements.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: camp Raspberry Pi camera server < bf6af5c2e5cf713e4050c11c52dd4c55e89880b1

No auth needed

Prerequisites: Access to the target server · Server running with --require-login flag

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources

https://medium.com/%40elias.hohl/authentication-bypass-vulnerability-in-camp-a-raspberry-pi-camera-server-477e5d270904

Third Party Advisory

https://github.com/ehtec/camp-exploit

View Writeup ZIP pw:eip

Patch, Third Party Advisory

https://github.com/patrickfuller/camp/commit/bf6af5c2e5cf713e4050c11c52dd4c55e89880b1

View Patch ZIP pw:eip

Exploit, Third Party Advisory

http://packetstormsecurity.com/files/171478/Raspberry-Pi-Camera-Server-1.0-Authentication-Bypass.html

Scores

CVSS v3 9.8

EPSS 0.4920

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-522

Status published

Products (1)

camp_project/camp < 2022-07-21

Published Nov 14, 2022

Tracked Since Feb 18, 2026