CVE-2026-33125: CWE-285: Improper Authorization in blakeblackshear frigate
CVE-2026-33125 is a high-severity improper authorization vulnerability in the Frigate NVR software, versions 0.16.2 and below. It allows users with the viewer role to delete admin and low-privileged user accounts without proper authorization. Exploiting this flaw can cause denial of service (DoS) by removing critical user accounts and can compromise data integrity. The vulnerability requires only low privileges (the viewer role) and no user interaction, making it relatively easy to exploit remotely. It has been patched in version 0.16.3. Organizations using affected versions should upgrade immediately to prevent potential disruption and unauthorized account deletions.
AI Analysis
Technical Summary
Frigate is an open-source network video recorder (NVR) designed for real-time local object detection on IP cameras. In versions 0.16.2 and earlier, a critical authorization flaw (CWE-285) exists whereby users assigned the viewer role—intended to have read-only access—can delete accounts belonging to administrators and other low-privileged users. This improper authorization vulnerability arises from insufficient access control checks on account deletion functionality. Since the viewer role is typically granted to less trusted users, this flaw allows an attacker with minimal privileges to escalate their impact by removing key user accounts, potentially locking out legitimate administrators and disrupting system operations. The consequence is a denial of service condition and potential data integrity issues, as user management is compromised. The vulnerability has a CVSS 3.1 base score of 7.1, reflecting high severity due to its network attack vector, low complexity, and lack of required user interaction. No known exploits are currently reported in the wild, but the flaw has been publicly disclosed and patched in version 0.16.3. Organizations running vulnerable versions should prioritize upgrading to mitigate risks.
Potential Impact
The primary impact of this vulnerability is denial of service through deletion of administrative and other user accounts, which can prevent legitimate access to the Frigate NVR system. This disruption can halt video surveillance monitoring and recording, critical for security operations in organizations relying on IP cameras. Additionally, the integrity of user management is compromised, potentially allowing attackers to manipulate account configurations or remove audit trails. The vulnerability affects confidentiality less directly but may facilitate further attacks by disabling administrative oversight. Because the flaw can be exploited by users with viewer privileges without user interaction, it lowers the barrier for insider threats or compromised low-privilege accounts to cause significant operational damage. Organizations in sectors such as physical security, critical infrastructure monitoring, and enterprise surveillance are particularly at risk, as disruption of video recording can impact incident response and safety.
Mitigation Recommendations
The definitive mitigation is to upgrade Frigate to version 0.16.3 or later, where the authorization checks have been corrected. Until upgrading is possible, organizations should restrict viewer role assignments to trusted users only and monitor user account deletions closely. Implement network segmentation to limit access to the Frigate management interface, ensuring only authorized personnel can connect. Employ strong authentication and logging to detect unusual account management activities. Additionally, consider deploying compensating controls such as multi-factor authentication for administrative accounts and regular backups of user configurations to enable recovery from unauthorized deletions. Security teams should review access control policies and conduct audits to verify that least privilege principles are enforced.
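As an added example, not Frigate's own code: a minimal Python model of the account-deletion authorization gap the technical summary describes (authentication checked, role not checked) beside the role-gated handler, with the audit trail the mitigation section asks for so that deletion attempts by non-admin roles can be flagged. The role names are the advisory's; `Session`, `UserStore`, the usernames and the audit record shape are constructed for this example.

```python
from dataclasses import dataclass, field

ADMIN, VIEWER = "admin", "viewer"            # role names used in the advisory


@dataclass
class Session:                               # hypothetical authenticated session
    username: str
    role: str


@dataclass
class UserStore:
    users: dict = field(default_factory=dict)   # username -> role
    audit: list = field(default_factory=list)   # (actor, role, action, target, outcome)

    def delete_user_authn_only(self, session: Session, target: str) -> bool:
        """Flawed pattern (CWE-285): authentication is checked, authorization is not."""
        if target not in self.users:
            return False
        del self.users[target]
        self.audit.append((session.username, session.role, "delete_user", target, "ok"))
        return True

    def delete_user(self, session: Session, target: str) -> bool:
        """Hardened pattern: the role check runs before any state change."""
        if session.role != ADMIN:
            # Deny, and record the attempt: denied events are what monitoring should alert on.
            self.audit.append((session.username, session.role, "delete_user", target, "denied"))
            raise PermissionError(f"role {session.role!r} may not delete users")
        if target not in self.users:
            return False
        del self.users[target]
        self.audit.append((session.username, session.role, "delete_user", target, "ok"))
        return True


def unauthorized_deletion_attempts(audit: list) -> list:
    """Detection: delete_user events by any non-admin role, denied or (pre-patch) completed."""
    return [e for e in audit if e[2] == "delete_user" and e[1] != ADMIN]


def demo() -> tuple:
    """A viewer tries to delete the admin account against the hardened handler."""
    store = UserStore(users={"alice": ADMIN, "bob": VIEWER})
    try:
        store.delete_user(Session("bob", VIEWER), "alice")
    except PermissionError:
        pass
    return "alice" in store.users, unauthorized_deletion_attempts(store.audit)
```

Run against logs from a still-unpatched instance, the same detection filter flags completed viewer-initiated deletions, which is the signal to act on until the upgrade to 0.16.3 is done.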
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Japan, Netherlands, South Korea, Singapore
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-17T20:35:49.926Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69bd194ce32a4fbe5f4ea6bc
Added to database: 3/20/2026, 9:54:20 AM
Last enriched: 3/20/2026, 10:08:48 AM
Last updated: 3/20/2026, 10:55:52 AM