what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Reolink E1 Zoom Camera 3.0.0.716 Private Key Disclosure

Reolink E1 Zoom Camera 3.0.0.716 Private Key Disclosure
Posted Jun 6, 2022
Authored by Julien Ahrens | Site rcesecurity.com

Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2021-40149
SHA-256 | 6a0bd039c1f58f660697b01a27d1512dbd2ffb57a9229991176f80a78cd66c64

Reolink E1 Zoom Camera 3.0.0.716 Private Key Disclosure

Change Mirror Download
RCE Security Advisory
https://www.rcesecurity.com


1. ADVISORY INFORMATION
=======================
Product: Reolink E1 Zoom Camera
Vendor URL: https://reolink.com/product/e1-zoom/
Type: Exposure of Sensitive Information to an Unauthorized Actor [CWE-200]
Date found: 2021-08-26
Date published: 2022-06-01
CVSSv3 Score: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVE: CVE-2021-40149


2. CREDITS
==========
This vulnerability was discovered and researched by Julien Ahrens from
RCE Security.


3. VERSIONS AFFECTED
====================
Reolink E1 Zoom Camera 3.0.0.716 (latest) and below


4. INTRODUCTION
===============
Meet new generation of Reolink E1 series. Advanced features - 5MP Super
HD & optical zoom are added into this compact camera. Plus two-way audio,
remote live view and more smart capacities help you connect with what you
care. Be closer to families and be away from worries.

(from the vendor's homepage)


5. VULNERABILITY DETAILS
========================
The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private
key via the root web server directory.

An unauthenticated attacker can abuse this with network-level access to the
camera to download the webserver's private SSL key by simply going to the
following URL:

https://[CAM-IP]/self.key


6. RISK
=======
An unauthenticated attacker can download the webserver's SSL private key and
thereby attack the encrypted network traffic to and from the camera, which might
lead to the disclosure of the administrative access credentials and other
sensitive information.


7. SOLUTION
===========
None.


8. REPORT TIMELINE
==================
2021-08-26: Discovery of the vulnerability
2021-08-26: Sent notification to Reolink via their support channel
2021-08-26: Response from vendor asking for vulnerability details
2021-08-26: Sent all the vulnerability details
2021-08-31: Vendor is still looking into the issue
2021-09-03: Vendor states that the issue will be fixed by the end of September.
2021-10-01: Since no firmware has been released, we've sent another notification
2021-10-02: Vendor states that the new firmware is delayed
2022-02-01: Since there is still fix, sent another notification
2022-02-02: Vendor states that the firmware with the fix hasn't been released yet.
2022-03-03: Since there is still fix, sent another notification
2022-03-12: Vendor states they're still working on the issue (internal update awaits testing)
2022-05-24: Since there is still fix, sent another notification
2022-05-24: Vendor states that the update still hasn't been released yet.
2022-06-01: Almost a year should be enough to fix this. Public disclosure.


9. REFERENCES
=============
https://github.com/MrTuxracer/advisories

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close