CVE-2021-40149
published 2022-07-17CVE-2021-40149: The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download…
PriorityP346medium5.9CVSS 3.1
AVNACHPRNUINSUCHINAN
EXPLOIT
EPSS
5.99%
92.4th percentile
The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| reolink | e1_zoom_firmware | <= 3.0.0.716 | — |
Detection & IOCsextracted from sources · hover to see the quote
yara
regex: '(?m)^-----BEGIN PRIVATE KEY-----'
- →Send an unauthenticated HTTP GET request to /self.key on the target device; a 200 response whose body begins with '-----BEGIN PRIVATE KEY-----' confirms the SSL private key is publicly exposed.
- →Confirm the response is not JSON/HTML (negative match on Content-Type: application/json or application/html) to reduce false positives when matching the private key body.
- →Use Shodan, FOFA, or Google to identify exposed Reolink E1 Zoom cameras as targets for this vulnerability.
- ·Vulnerability affects Reolink E1 Zoom Camera firmware versions 3.0.0.716 and below only.
- ·The private key is served directly from the root web server directory with no authentication required, making exploitation trivially easy from the network. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Reolink E1 Zoom Camera <=3.0.0.716 - Private Key Disclosure
nuclei·CVSS 5.9
CVE-2021-40149 [MEDIUM] Reolink E1 Zoom Camera <=3.0.0.716 - Private Key Disclosure
Reolink E1 Zoom Camera <=3.0.0.716 - Private Key Disclosure
Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key (RSA) disclosure vulnerability.
Template:
id: CVE-2021-40149
info:
name: Reolink E1 Zoom Camera <=3.0.0.716 - Private Key Disclosure
author: For3stCo1d
severity: medium
description: |
Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key (RSA) disclosure vulnerability.
impact: |
An attacker can obtain the private key, potentially leading to unauthorized access and compromise of the camera.
remediation: |
Upgrade the Reolink E1 Zoom Camera to a version higher than 3.0.0.716 to mitigate the vulnerability.
reference:
- https://dl.packetstormsecurity.net/2206-exploits/reolinke1key-disclose.txt
- https://github.com/MrTuxracer/advis
No writeups or analysis indexed.
http://packetstormsecurity.com/files/167407/Reolink-E1-Zoom-Camera-3.0.0.716-Private-Key-Disclosure.htmlhttp://seclists.org/fulldisclosure/2022/Jun/0https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40149.txthttp://packetstormsecurity.com/files/167407/Reolink-E1-Zoom-Camera-3.0.0.716-Private-Key-Disclosure.htmlhttp://seclists.org/fulldisclosure/2022/Jun/0https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40149.txt
2022-07-17
Published