Vulnerabilities (CVE)

Filtered by vendor Reolink Subscribe
Filtered by product E1 Zoom Firmware
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-40150 1 Reolink 2 E1 Zoom, E1 Zoom Firmware 2024-11-21 N/A 7.5 HIGH
The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. In this way an attacker can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI.
CVE-2021-40149 1 Reolink 2 E1 Zoom, E1 Zoom Firmware 2024-11-21 N/A 5.9 MEDIUM
The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI.