Private Key Disclosure in E1 Zoom Camera by Reolink
CVE-2021-40149

5.9MEDIUM

Key Information:

Vendor

Reolink

Status
E1 Zoom Firmware
Vendor
CVE Published:
17 July 2022

What is CVE-2021-40149?

The E1 Zoom camera by Reolink is susceptible to a vulnerability that allows attackers to access its SSL private key through the root web server directory. By exploiting this flaw, an adversary can retrieve the private key via the /self.key URI, posing significant risks of unauthorized decryption and potential further attacks. Proper security measures should be implemented to safeguard sensitive keys and enhance the overall security posture.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://packetstormsecurity.com/files/167407/Reolink-E1-Zo...
x_refsource_MISC
http://seclists.org/fulldisclosure/2022/Jun/0
x_refsource_MISC
https://github.com/MrTuxracer/advisories/blob/master/CVEs...
x_refsource_MISC

EPSS Score

59% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.