CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-48644
https://notcve.org/view.php?id=CVE-2024-48644
22 Oct 2024 — Accounts enumeration vulnerability in the Login Component of Reolink Duo 2 WiFi Camera (Firmware Version v3.0.0.1889_23031701) allows remote attackers to determine valid user accounts via login attempts. This can lead to the enumeration of user accounts and potentially facilitate other attacks, such as brute-forcing of passwords. The vulnerability arises from the application responding differently to login attempts with valid and invalid usernames. • https://github.com/rosembergpro/CVE-2024-48644 • CWE-203: Observable Discrepancy •
CVSS: 5.9EPSS: 1%CPEs: 2EXPL: 4CVE-2021-40149 – Reolink E1 Zoom Camera 3.0.0.716 Private Key Disclosure
https://notcve.org/view.php?id=CVE-2021-40149
06 Jun 2022 — The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI. El servidor web de la cámara E1 Zoom versiones hasta 3.0.0.716, divulga su clave privada SSL por medio del directorio root del servidor web. De este modo, un atacante puede descargar la clave completa por medio del URI /self.key Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key disclosure... • https://packetstorm.news/files/id/167407 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 2CVE-2021-40150 – Reolink E1 Zoom Camera 3.0.0.716 Configuration Disclosure
https://notcve.org/view.php?id=CVE-2021-40150
06 Jun 2022 — The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. In this way an attacker can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI. El servidor web de la cámara E1 Zoom versiones hasta 3.0.0.716, divulga su configuración por medio del directorio /conf/ que está mapeado en una ruta de acceso pública. De este modo, un atacante puede descargar toda la co... • https://packetstorm.news/files/id/167408 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 1CVE-2021-44394
https://notcve.org/view.php?id=CVE-2021-44394
14 Apr 2022 — Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. Se presentan múltiples vulnerabilidades de denegación de servicio en la funcionalidad del analizador de comandos JSON cgiserver.cgi de Reolink RLC-410W versión v3.0.0.136_20121102. Una petición HTTP especialmente diseñada puede conllevar a un r... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 1CVE-2021-44375
https://notcve.org/view.php?id=CVE-2021-44375
14 Apr 2022 — Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. Se presentan múltiples vulnerabilidades de denegación de servicio en la funcionalidad del analizador de comandos JSON cgiserver.cgi de Reolink RLC-410W versión v3.0.0.136_20121102. Una petición HTTP especialmente diseñada puede conllevar a un r... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 1CVE-2021-44366
https://notcve.org/view.php?id=CVE-2021-44366
14 Apr 2022 — Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. Se presentan múltiples vulnerabilidades de denegación de servicio en la funcionalidad del analizador de comandos JSON cgiserver.cgi de Reolink RLC-410W versión v3.0.0.136_20121102. Una petición HTTP especialmente diseñada puede conllevar a un r... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 1CVE-2021-44357
https://notcve.org/view.php?id=CVE-2021-44357
14 Apr 2022 — Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. Se presentan múltiples vulnerabilidades de denegación de servicio en la funcionalidad del analizador de comandos JSON cgiserver.cgi de Reolink RLC-410W versión v3.0.0.136_20121102. Una petición HTTP especialmente diseñada puede conllevar a un r... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 1CVE-2021-44356
https://notcve.org/view.php?id=CVE-2021-44356
14 Apr 2022 — Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. Se presentan múltiples vulnerabilidades de denegación de servicio en la funcionalidad del analizador de comandos JSON cgiserver.cgi de Reolink RLC-410W versión v3.0.0.136_20121102. Una petición HTTP especialmente diseñada puede conllevar a un r... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 1CVE-2021-44355
https://notcve.org/view.php?id=CVE-2021-44355
14 Apr 2022 — Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. Se presentan múltiples vulnerabilidades de denegación de servicio en la funcionalidad del analizador de comandos JSON cgiserver.cgi de Reolink RLC-410W versión v3.0.0.136_20121102. Una petición HTTP especialmente diseñada puede conllevar a un r... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 1CVE-2021-44354
https://notcve.org/view.php?id=CVE-2021-44354
14 Apr 2022 — Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. Se presentan múltiples vulnerabilidades de denegación de servicio en la funcionalidad del analizador de comandos JSON cgiserver.cgi de Reolink RLC-410W versión v3.0.0.136_20121102. Una petición HTTP especialmente diseñada puede conllevar a un r... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421 • CWE-20: Improper Input Validation •