Vulnerability CVE-2021-40149


Published: 2022-07-17   Modified: 2022-07-18

Description:
The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Reolink E1 Zoom Camera 3.0.0.716 Private Key Disclosure
Julien Ahrens
06.06.2022

Type:

CWE-200

(Information Exposure)

 References:
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40149.txt
http://seclists.org/fulldisclosure/2022/Jun/0
http://packetstormsecurity.com/files/167407/Reolink-E1-Zoom-Camera-3.0.0.716-Private-Key-Disclosure.html

Copyright 2022, cxsecurity.com

 

Back to Top