daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auto Generated CVE annotations [Sun Jul 24 07:28:51 UTC 2022] 🤖

patch-1
GitHub Action 2022-07-24 07:28:51 +00:00
parent 365c417af6
commit 27c8b6a40c
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
cves/2021/CVE-2021-40150.yaml
View File

@ -3,7 +3,7 @@ id: CVE-2021-40150
info: info:
name: Reolink E1 Zoom Camera - Information Disclosure name: Reolink E1 Zoom Camera - Information Disclosure
author: For3stCo1d author: For3stCo1d
severity: medium severity: high
description: | description: |
The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path.
An unauthenticated attacker can abuse this with network-level access to the camera to download the entire NGINX/FastCGI configurations. An unauthenticated attacker can abuse this with network-level access to the camera to download the entire NGINX/FastCGI configurations.
@ -12,10 +12,13 @@ info:
- https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40150.txt - https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40150.txt
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40150 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40150
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2021-40150 cve-id: CVE-2021-40150
cwe-id: CWE-552
metadata: metadata:
verified: true
shodan-query: http.title:"Reolink" shodan-query: http.title:"Reolink"
verified: "true"
tags: cve,cve2021,reolink,camera,exposure,iot tags: cve,cve2021,reolink,camera,exposure,iot
requests: requests: