Sign-up

ID

VAR-202108-0683


CVE

CVE-2021-3615


TITLE

Lenovo Smart Camera Code injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202108-1580

DESCRIPTION

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. This vulnerability is the same as CNVD-2021-45262. Shenzhen Qiaoan Technology Co., Ltd., founded in Shenzhen in 2010, is a national high-tech enterprise with "Qiaoan" as the core brand, mainly engaged in the research and development, production, marketing and service of video security smart home products. Many cameras of Shenzhen Qiaoan Technology Co., Ltd. have command execution vulnerabilities. Attackers can use the vulnerabilities to gain control of the server

Trust: 1.53

sources: NVD: CVE-2021-3615 // CNVD: CNVD-2021-45262 // VULMON: CVE-2021-3615

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-45262

AFFECTED PRODUCTS

vendor:lenovomodel:smart camera c2escope:ltversion:01.03.29.16

Trust: 1.0

vendor:lenovomodel:smart camera x3scope:ltversion:01.03.29.16

Trust: 1.0

vendor:lenovomodel:smart camera x5scope:ltversion:01.03.29.16

Trust: 1.0

vendor:qiaoanmodel:ja-770scope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-c7mscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-c1kscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-f2tscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-f2cscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-g4rscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-f2t-lscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-q7mscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-q7scope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-f8scope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-f2escope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-q10scope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-q3scope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-c10scope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-f2t-nscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-q13cscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-f10scope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-c10escope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-f2rscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-q3rscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-c6kscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-f2kscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-q7kscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-f2k-4xscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-c5scope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-q8scope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-c9scope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-q5scope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-a6scope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-q7rscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-g4cscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-c6scope:eqversion:01.03.29.14

Trust: 0.6

sources: NVD: CVE-2021-3615 // CNVD: CNVD-2021-45262

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-3615
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202108-1580
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2021-45262
value: HIGH

Trust: 0.6

VULMON: CVE-2021-3615
value: MEDIUM

Trust: 0.1

NVD: CVE-2021-3615
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.1

CNVD: CNVD-2021-45262
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

NVD: CVE-2021-3615
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2021-3615 // CNNVD: CNNVD-202108-1580 // CNVD: CNVD-2021-45262 // VULMON: CVE-2021-3615

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.0

sources: NVD: CVE-2021-3615

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-202108-1580

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2021-3615

PATCH
title:Lenovo Smart Camera Fixes for code injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=160995
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202108-1580

EXTERNAL IDS
db:CNVDid:CNVD-2021-45262
Trust: 2.3
db:NVDid:CVE-2021-3615
Trust: 1.7
db:CNNVDid:CNNVD-202108-1580
Trust: 0.6
db:VULMONid:CVE-2021-3615
Trust: 0.1
sources:
            
            
            NVD: CVE-2021-3615 // 
            
            
            
            CNNVD: CNNVD-202108-1580 // 
            
            
            
            CNVD: CNVD-2021-45262 // 
            
            
            
            VULMON: CVE-2021-3615

REFERENCES
url:https://iknow.lenovo.com.cn/detail/dc_198417.html
Trust: 1.7
url:https://www.cnvd.org.cn/flaw/show/cnvd-2021-45262
Trust: 1.7
url:https://cwe.mitre.org/data/definitions/94.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            NVD: CVE-2021-3615 // 
            
            
            
            CNNVD: CNNVD-202108-1580 // 
            
            
            
            VULMON: CVE-2021-3615

SOURCES
db:NVDid:CVE-2021-3615
db:CNNVDid:CNNVD-202108-1580
db:CNVDid:CNVD-2021-45262
db:VULMONid:CVE-2021-3615

LAST UPDATE DATE
2021-12-18T08:47:45.975000+00:00

SOURCES UPDATE DATE
db:NVDid:CVE-2021-3615date:2021-08-30T17:12:00
db:CNNVDid:CNNVD-202108-1580date:2021-08-31T00:00:00
db:CNVDid:CNVD-2021-45262date:2021-07-04T00:00:00
db:VULMONid:CVE-2021-3615date:2021-08-30T00:00:00

SOURCES RELEASE DATE
db:NVDid:CVE-2021-3615date:2021-08-17T17:15:00
db:CNNVDid:CNNVD-202108-1580date:2021-08-17T00:00:00
db:CNVDid:CNVD-2021-45262date:2021-08-02T00:00:00
db:VULMONid:CVE-2021-3615date:2021-08-17T00:00:00