CVE-2021-40150
First published: Sun Jul 17 2022(Updated: )
The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. In this way an attacker can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Reolink E1 Zoom Firmware | <=3.0.0.716 | |
| Reolink E1 Zoom |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-40150?
CVE-2021-40150 is a vulnerability in the web server of the Reolink E1 Zoom camera firmware versions up to and including 3.0.0.716, where the /conf/ directory is publicly accessible, exposing the NGINX/FastCGI configurations.
How does CVE-2021-40150 impact the Reolink E1 Zoom camera?
CVE-2021-40150 allows an attacker to download the complete NGINX/FastCGI configurations by querying specific URIs in the /conf/ directory.
What is the severity of CVE-2021-40150?
CVE-2021-40150 has a severity score of 7.5 (High).
Which versions of Reolink E1 Zoom firmware are affected by CVE-2021-40150?
Reolink E1 Zoom firmware versions up to and including 3.0.0.716 are affected by CVE-2021-40150.
Is the Reolink E1 Zoom camera itself vulnerable to CVE-2021-40150?
No, the Reolink E1 Zoom camera itself is not vulnerable to CVE-2021-40150.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/softwarecombine
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/reolink
- canonical/reolink e1 zoom firmware
- version/reolink e1 zoom firmware/3.0.0.716
- canonical/reolink e1 zoom