Auto Generated CVE annotations [Sun Jul 24 07:28:51 UTC 2022] 🤖

2022-07-24 07:28:51 +00:00 · 2022-07-24 07:28:51 +00:00 · 27c8b6a40c
parent 365c417af6
commit 27c8b6a40c
1 changed files with 5 additions and 2 deletions
--- a/cves/2021/CVE-2021-40150.yaml
+++ b/cves/2021/CVE-2021-40150.yaml
@ -3,7 +3,7 @@ id: CVE-2021-40150
 info:
  name: Reolink E1 Zoom Camera - Information Disclosure
  author: For3stCo1d
-  severity: medium
+  severity: high
  description: |
    The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path.
    An unauthenticated attacker can abuse this with network-level access to the camera to download the entire NGINX/FastCGI configurations.
@ -12,10 +12,13 @@ info:
    - https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40150.txt
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40150
  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
    cve-id: CVE-2021-40150
+    cwe-id: CWE-552
  metadata:
-    verified: true
    shodan-query: http.title:"Reolink"
+    verified: "true"
  tags: cve,cve2021,reolink,camera,exposure,iot

 requests: