CVE-2021-40149

Sažetak

The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI.

Reference

https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40149.txt
http://seclists.org/fulldisclosure/2022/Jun/0
http://packetstormsecurity.com/files/167407/Reolink-E1-Zoom-Camera-3.0.0.716-Private-Key-Disclosure.html

CVSS

Base:	5.9
Impact:	3.6
Exploitability:	2.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	-

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

27-07-2022 - 17:21

Objavljeno

17-07-2022 - 22:15