CVE-2021-40149
First published: Sun Jul 17 2022(Updated: )
The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Reolink E1 Zoom Firmware | <=3.0.0.716 | |
| Reolink E1 Zoom |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the Reolink E1 Zoom camera?
The vulnerability ID for the Reolink E1 Zoom camera is CVE-2021-40149.
What is the severity level of CVE-2021-40149?
The severity level of CVE-2021-40149 is medium with a CVSS score of 5.9.
How does the vulnerability in the Reolink E1 Zoom camera work?
The vulnerability in the Reolink E1 Zoom camera allows an attacker to download the SSL private key via the /self.key URI.
Which version of the Reolink E1 Zoom firmware is affected by CVE-2021-40149?
The version 3.0.0.716 of the Reolink E1 Zoom firmware is affected by CVE-2021-40149.
Are there any known references for CVE-2021-40149?
Yes, you can find references for CVE-2021-40149 at the following URLs: [1](http://packetstormsecurity.com/files/167407/Reolink-E1-Zoom-Camera-3.0.0.716-Private-Key-Disclosure.html), [2](http://seclists.org/fulldisclosure/2022/Jun/0), [3](https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40149.txt).
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/tags
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- vendor/reolink
- canonical/reolink e1 zoom firmware
- version/reolink e1 zoom firmware/3.0.0.716
- canonical/reolink e1 zoom