CVE-2021-3617
Severity Score
7.2
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. This vulnerability is the same as CNVD-2020-68652.
Se ha reportado una vulnerabilidad en Lenovo Smart Camera X3, X5 y C2E, que podría permitir una inyección de comandos al ajustar una configuración de red especialmente diseñada. Esta vulnerabilidad es la misma que CNVD-2020-68652.
*Credits:
Lenovo thanks Charles Jiang and Xingcan Chen from Lenovo Global Security Lab for reporting these issues.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-06-23 CVE Reserved
- 2021-08-17 CVE Published
- 2024-05-02 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.cnvd.org.cn/flaw/show/CNVD-2020-68652 | Not Applicable |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://iknow.lenovo.com.cn/detail/dc_198417.html | 2021-08-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Lenovo Search vendor "Lenovo" | Smart Camera C2e Firmware Search vendor "Lenovo" for product "Smart Camera C2e Firmware" | < 01.03.29.16 Search vendor "Lenovo" for product "Smart Camera C2e Firmware" and version " < 01.03.29.16" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Smart Camera C2e Search vendor "Lenovo" for product "Smart Camera C2e" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Smart Camera X3 Firmware Search vendor "Lenovo" for product "Smart Camera X3 Firmware" | < 01.03.29.16 Search vendor "Lenovo" for product "Smart Camera X3 Firmware" and version " < 01.03.29.16" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Smart Camera X3 Search vendor "Lenovo" for product "Smart Camera X3" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Smart Camera X5 Firmware Search vendor "Lenovo" for product "Smart Camera X5 Firmware" | < 01.03.29.16 Search vendor "Lenovo" for product "Smart Camera X5 Firmware" and version " < 01.03.29.16" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Smart Camera X5 Search vendor "Lenovo" for product "Smart Camera X5" | - | - |
Safe
|