What is CVE-2021-40149?

CVE-2021-40149 is a vulnerability in N/a. Published 2022-07-17.

Is CVE-2021-40149 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-40149

The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI.

EPSS: 0.629 (98.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
MrTuxracer/advisories
StarCrossPortal/scalpel
anonymous364872/Rapier_
apif-review/APIF_
apit-review-account/apit-tool
youcans896768/APIV_

References

packetstormsecurity.com/files/167407/Reolink-E1-Zoom-Camera-3.0.0.716-Private-K… (x_refsource_MISC)
seclists.org/fulldisclosure/2022/Jun/0 (x_refsource_MISC)
github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40149.txt (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-40149?: CVE-2021-40149 is a vulnerability in N/a. Published 2022-07-17.
Is CVE-2021-40149 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.