CVE-2021-40149

The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://packetstormsecurity.com/files/167407/Reolink-E1-Zoom-Camera-3.0.0.716-Private-Key-Disclosure.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2022/Jun/0	Exploit Mailing List Third Party Advisory
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40149.txt	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:h:reolink:e1_zoom:-:*:*:*:*:*:*:*

cpe:2.3:o:reolink:e1_zoom_firmware:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-07-17 22:15

Updated : 2022-07-27 17:21

NVD link : CVE-2021-40149

Mitre link : CVE-2021-40149

CVE.ORG link : CVE-2021-40149

JSON object : View

Products Affected

reolink

e1_zoom_firmware
e1_zoom

CWE

CWE-552

Files or Directories Accessible to External Parties

{"id": "CVE-2021-40149", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2022-07-17T22:15:08.683", "references": [{"url": "http://packetstormsecurity.com/files/167407/Reolink-E1-Zoom-Camera-3.0.0.716-Private-Key-Disclosure.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2022/Jun/0", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40149.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-552"}]}], "descriptions": [{"lang": "en", "value": "The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI."}, {"lang": "es", "value": "El servidor web de la c\u00e1mara E1 Zoom versiones hasta 3.0.0.716, divulga su clave privada SSL por medio del directorio root del servidor web. De este modo, un atacante puede descargar la clave completa por medio del URI /self.key"}], "lastModified": "2022-07-27T17:21:19.037", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:reolink:e1_zoom:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FCFEDD04-AC9A-45CF-8E25-BA6BD72B8BDC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:reolink:e1_zoom_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF9263F9-9297-4434-BAD9-1DDF3B6B52E0", "versionEndIncluding": "3.0.0.716"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}