CVE-2021-40149

EUVD-2021-27334
The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
reolinke1_zoom_firmware
𝑥
≤ 3.0.0.716
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/167407/Reolink-E1-Zoom-Camera-3.0.0.716-Private-Key-Disclosure.html
http://seclists.org/fulldisclosure/2022/Jun/0
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40149.txt
http://packetstormsecurity.com/files/167407/Reolink-E1-Zoom-Camera-3.0.0.716-Private-Key-Disclosure.html
http://seclists.org/fulldisclosure/2022/Jun/0
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40149.txt