CVE-2021-40149

MEDIUM NUCLEI

E1 Zoom Camera <3.0.0.716 - Info Disclosure

Title source: llm

Description

The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI.

Nuclei Templates (1)

Reolink E1 Zoom Camera <=3.0.0.716 - Private Key Disclosure

MEDIUMVERIFIEDby For3stCo1d

Shodan: http.title:"Reolink"

FOFA: title="reolink"

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/167407/Reolink-E1-Zoom-Camera-3.0.0.716-Private-Key-Disclosure.html

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2022/Jun/0

[Exploit, Third Party Advisory] https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40149.txt

View Exploit ZIP pw:eip

Scores

CVSS v3 5.9

EPSS 0.6295

EPSS Percentile 98.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-552

Status published

Products (1)

reolink/e1_zoom_firmware < 3.0.0.716

Published Jul 17, 2022

Tracked Since Feb 18, 2026