1. ADVISORY INFORMATION
Product: Reolink E1 Zoom Camera
Vendor URL: https://reolink.com/product/e1-zoom/
Type: Exposure of Sensitive Information to an Unauthorized Actor [CWE-200]
Date found: 2021-08-26
Date published: 2022-06-01
CVSSv3 Score: 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
This vulnerability was discovered and researched by Julien Ahrens from
3. VERSIONS AFFECTED
Reolink E1 Zoom Camera 22.214.171.1246 (latest) and below
Meet new generation of Reolink E1 series. Advanced features - 5MP Super HD
& optical zoom are added into this compact camera. Plus two-way audio, remote
live view and more smart capacities help you connect with what you care. Be
closer to families and be away from worries.
(from the vendor's homepage)
5. VULNERABILITY DETAILS
The web server of the E1 Zoom camera through 126.96.36.1996 discloses its configuration
via the /conf/ directory that is mapped to a publicly accessible path.
An unauthenticated attacker can abuse this with network-level access to the
camera to download the entire NGINX/FastCGI configurations by querying, i.e.:
An unauthenticated attacker can download the webserver's configuration files
which might lead to sensitive information disclosure.