CVE-2021-40149

Опубликовано: 17 июл. 2022

Источник: nvd

CVSS3: 5.9

EPSS Средний

Описание

The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI.

Ссылки

http://packetstormsecurity.com/files/167407/Reolink-E1-Zoom-Camera-3.0.0.716-Private-Key-Disclosure.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2022/Jun/0
Exploit
Mailing List
Third Party Advisory
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40149.txt
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/167407/Reolink-E1-Zoom-Camera-3.0.0.716-Private-Key-Disclosure.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2022/Jun/0
Exploit
Mailing List
Third Party Advisory
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40149.txt
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:reolink:e1_zoom_firmware:*:*:*:*:*:*:*:*

Версия до 3.0.0.716 (включая)

cpe:2.3:h:reolink:e1_zoom:-:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.59239

Средний

5.9 Medium

CVSS3

Дефекты

CWE-552

Связанные уязвимости

GHSA-hq75-6wcm-hc6g