GCVE - cpe:2.3:h:reolink:e1_zoom:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:reolink:e1_zoom:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor	Reolink (`b49896ec-72c3-57ee-8581-bf98824c2ad2`)
Product	E1 Zoom (`34f18b62-04e8-5b35-92f5-bc1d332eae82`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-40150`	not_vulnerable	2026-06-03 14:45:23.177885	Details available The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. In this way an attacker can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI. Published: 2022-07-17T22:54:25.000Z Updated: 2024-08-04T02:27:31.538Z Open on db.gcve.eu Reference links https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40150.txt	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-40149`	not_vulnerable	2026-06-03 14:45:23.177463	Details available The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI. Published: 2022-07-17T21:36:27.000Z Updated: 2024-08-04T02:27:31.522Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/167407/Reolink-E1-Zoom-Camera-3.0.0.716-Private-Key-Disclosure.html http://seclists.org/fulldisclosure/2022/Jun/0 https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40149.txt	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.