Enhancement: cves/2021/CVE-2021-40150.yaml by md

cves/2021/CVE-2021-40150.yaml

@@ -1,16 +1,16 @@
 id: CVE-2021-40150
 
 info:
-  name: Reolink E1 Zoom Camera - Information Disclosure
+  name: Reolink E1 Zoom Camera <=3.0.0.716 - Information Disclosure
   author: For3stCo1d
   severity: high
   description: |
-    The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path.
+    Reolink E1 Zoom camera through 3.0.0.716 is susceptible to information disclosure. The web server discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. An attacker with network-level access to the camera can can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI.
-    An unauthenticated attacker can abuse this with network-level access to the camera to download the entire NGINX/FastCGI configurations.
   reference:
     - https://dl.packetstormsecurity.net/2206-exploits/reolinke1config-disclose.txt
     - https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40150.txt
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40150
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-40150
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
@@ -38,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/02/01