PT-2022-11192 · Reolink · Reolink E1 Zoom Camera

Julien Ahrens

Published

2022-06-03

Updated

2022-07-22

CVE-2021-40150

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Reolink E1 Zoom Camera versions 3.0.0.716 and earlier

Description The web server of the E1 Zoom camera discloses its configuration via the /conf/ directory, which is mapped to a publicly accessible path. An attacker can download the entire NGINX/FastCGI configurations by querying the "/conf/nginx.conf" or "/conf/fastcgi.conf" URI.

Recommendations For Reolink E1 Zoom Camera versions 3.0.0.716 and earlier, restrict access to the /conf/ directory to minimize the risk of exploitation. Avoid querying the "/conf/nginx.conf" or "/conf/fastcgi.conf" URI until the issue is resolved. Consider disabling public access to the /conf/ directory as a temporary workaround until a patch is available.

Exploit

Fix

Files Accessible to External Parties

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-552

Related Identifiers

CVE-2021-40150

Affected Products

Reolink E1 Zoom Camera

PT-2022-11192 · Reolink · Reolink E1 Zoom Camera

CVE-2021-40150

Weakness Enumeration

Related Identifiers

Affected Products

References · 5