Vulnerability Details : CVE-2021-40149
Potential exploit
The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI.
Products affected by CVE-2021-40149
- cpe:2.3:o:reolink:e1_zoom_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-40149
1.43%: probability of exploitation activity in the next 30 days
~86%: percentile, the proportion of vulnerabilities that are scored at or below this score
CVSS scores for CVE-2021-40149
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 | NIST | |
CWE ids for CVE-2021-40149
- The product makes files or directories accessible to unauthorized actors, even though they should not be. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-40149
- https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40149.txt
  advisories/CVE-2021-40149.txt at master · MrTuxracer/advisories · GitHub (Exploit; Third Party Advisory)
- http://packetstormsecurity.com/files/167407/Reolink-E1-Zoom-Camera-3.0.0.716-Private-Key-Disclosure.html
  Reolink E1 Zoom Camera 3.0.0.716 Private Key Disclosure ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- http://seclists.org/fulldisclosure/2022/Jun/0
  Full Disclosure: [CVE-2021-40149] Reolink E1 Zoom Camera <= 3.0.0.716 Unauthenticated Private Key Disclosure (Exploit; Mailing List; Third Party Advisory)