Unauthorized Access Exploit in Lenovo Smart Cameras
CVE-2021-3616

9.4CRITICAL

Key Information:

Vendor: Lenovo
Status: Smart Camera X3, X5, And C2e Firmware
Vendor: CVE Published:; 17 August 2021

Summary

A security flaw has been identified in Lenovo Smart Camera models X3, X5, and C2E that enables unauthorized individuals to gain access to sensitive device information, modify firmware content, and alter device configurations. This vulnerability raises significant concerns regarding the security integrity of these devices, which could be exploited to compromise user privacy and device functionality.

Affected Version(s)

Smart Camera X3, X5, and C2E firmware < 01.03.29.16

References

https://iknow.lenovo.com.cn/detail/dc_198417.html

x_refsource_MISC

https://www.cnvd.org.cn/flaw/show/CNVD-2020-68651

x_refsource_MISC

CVSS V3.1

Score:

9.4

Severity:

CRITICAL

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 17, 2021
Vulnerability Reserved
Jun 23, 2021

Credit

Lenovo thanks Charles Jiang and Xingcan Chen from Lenovo Global Security Lab for reporting these issues.