Vulnerabilities > CVE-2021-40149 - Files or Directories Accessible to External Parties vulnerability in Reolink E1 Zoom Firmware 3.0.0.716
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 2 | |
Hardware | 1 |
Common Weakness Enumeration (CWE)
References
- http://packetstormsecurity.com/files/167407/Reolink-E1-Zoom-Camera-3.0.0.716-Private-Key-Disclosure.html
- http://packetstormsecurity.com/files/167407/Reolink-E1-Zoom-Camera-3.0.0.716-Private-Key-Disclosure.html
- http://seclists.org/fulldisclosure/2022/Jun/0
- http://seclists.org/fulldisclosure/2022/Jun/0
- https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40149.txt
- https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40149.txt