Private Key Disclosure in E1 Zoom Camera by Reolink
CVE-2021-40149

5.9MEDIUM

Key Information:

Vendor

Reolink

Status
E1 Zoom Firmware
Vendor
CVE Published:
17 July 2022

What is CVE-2021-40149?

The E1 Zoom camera by Reolink is susceptible to a vulnerability that allows attackers to access its SSL private key through the root web server directory. By exploiting this flaw, an adversary can retrieve the private key via the /self.key URI, posing significant risks of unauthorized decryption and potential further attacks. Proper security measures should be implemented to safeguard sensitive keys and enhance the overall security posture.

References

http://packetstormsecurity.com/files/167407/Reolink-E1-Zo...
x_refsource_MISC
http://seclists.org/fulldisclosure/2022/Jun/0
x_refsource_MISC
https://github.com/MrTuxracer/advisories/blob/master/CVEs...
x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.