Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Reolink E1 Zoom Camera 3.0.0.716 Configuration Disclosure Vulnerability

🗓️ 07 Jun 2022 00:00:00Reported by Julien AhrensType 
zdt
 zdt🔗 0day.today👁 466 Views

Reolink E1 Zoom Camera 3.0.0.716 Configuration Disclosure Vulnerability - Sensitive Information Exposur

Related
Code
ReporterTitlePublishedViews
Family
GithubExploit		Exploit for Cross-site Scripting in Astaro Security_Gateway_Software
30 Apr 201915:15
githubexploit
Circl		CVE-2021-40150
18 Jul 202202:33
circl
CNNVD		Reolink E1 Zoom Camera 安全漏洞
6 Jun 202200:00
cnnvd
CVE		CVE-2021-40150
17 Jul 202222:54
cve
Cvelist		CVE-2021-40150
17 Jul 202222:54
cvelist
Nuclei		Reolink E1 Zoom Camera <=3.0.0.716 - Information Disclosure
8 Jun 202604:09
nuclei
NVD		CVE-2021-40150
17 Jul 202223:15
nvd
OSV		CVE-2021-40150
17 Jul 202223:15
osv
Packet Storm		Reolink E1 Zoom Camera 3.0.0.716 Configuration Disclosure
6 Jun 202200:00
packetstorm
Prion		Design/Logic Flaw
17 Jul 202223:15
prion
Rows per page
1. ADVISORY INFORMATION
=======================
Product:        Reolink E1 Zoom Camera
Vendor URL:     https://reolink.com/product/e1-zoom/
Type:           Exposure of Sensitive Information to an Unauthorized Actor [CWE-200]
Date found:     2021-08-26
Date published: 2022-06-01
CVSSv3 Score:   5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVE:            CVE-2021-40150


2. CREDITS
==========
This vulnerability was discovered and researched by Julien Ahrens from
RCE Security.


3. VERSIONS AFFECTED
====================
Reolink E1 Zoom Camera 3.0.0.716 (latest) and below


4. INTRODUCTION
===============
Meet new generation of Reolink E1 series. Advanced features - 5MP Super HD
& optical zoom are added into this compact camera. Plus two-way audio, remote
live view and more smart capacities help you connect with what you care. Be
closer to families and be away from worries.

(from the vendor's homepage)


5. VULNERABILITY DETAILS
========================
The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration
via the /conf/ directory that is mapped to a publicly accessible path.

An unauthenticated attacker can abuse this with network-level access to the
camera to download the entire NGINX/FastCGI configurations by querying, i.e.:

http://[CAM-IP]/conf/nginx.conf
http://[CAM-IP]/conf/fastcgi.conf

Etc.


6. RISK
=======
An unauthenticated attacker can download the webserver's configuration files
which might lead to sensitive information disclosure.


7. SOLUTION
===========
None.

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
07 Jun 2022 00:00Current
7.6High risk
Vulners AI Score7.6
CVSS 3.17.5
EPSS0.34226
reolink e1 zoom cameraconfiguration disclosuresensitive information exposureweb servercve-2021-40150rce security
466