Sign-up

ID

VAR-202108-0687


CVE

CVE-2021-3616


TITLE

plural  Lenovo Smart Camera  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-011045

DESCRIPTION

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. This vulnerability is the same as CNVD-2020-68651. (DoS) It may be in a state. Shenzhen Qiaoan Technology Co., Ltd. is a professional R&D and manufacturer of surveillance cameras, specializing in the production of Qiaoan surveillance, Qiaoan surveillance cameras, etc. Several webcams of Shenzhen Qiaoan Technology Co., Ltd. have information disclosure vulnerabilities, which can be exploited by attackers to obtain sensitive information

Trust: 2.25

sources: NVD: CVE-2021-3616 // JVNDB: JVNDB-2021-011045 // CNVD: CNVD-2020-68651 // VULMON: CVE-2021-3616

AFFECTED PRODUCTS

vendor:lenovomodel:smart camera c2escope:ltversion:01.03.29.16

Trust: 1.0

vendor:lenovomodel:smart camera x3scope:ltversion:01.03.29.16

Trust: 1.0

vendor:lenovomodel:smart camera x5scope:ltversion:01.03.29.16

Trust: 1.0

vendor:lenovomodel:smart camera x5scope: - version: -

Trust: 0.8

vendor:lenovomodel:smart camera c2escope: - version: -

Trust: 0.8

vendor:lenovomodel:smart camera x3scope: - version: -

Trust: 0.8

vendor:qiaoanmodel:ja-770scope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-c7mscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-c1kscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-f2tscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-f2cscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-g4rscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-f2t-lscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-q7mscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-q7scope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-f8scope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-f2escope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-q10scope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-q3scope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-c10scope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-f2t-nscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-q13cscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-f10scope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-c10escope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-f2rscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-q3rscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-c6kscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-f2kscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-q7kscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-f2k-4xscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-c5scope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-q8scope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-c9scope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-q5scope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-a6scope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-q7rscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-g4cscope:eqversion:01.03.29.14

Trust: 0.6

vendor:qiaoanmodel:ja-c6scope:eqversion:01.03.29.14

Trust: 0.6

sources: CNVD: CNVD-2020-68651 // JVNDB: JVNDB-2021-011045 // NVD: CVE-2021-3616

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-3616
value: CRITICAL

Trust: 1.0

psirt@lenovo.com: CVE-2021-3616
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-3616
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-68651
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202108-1581
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-3616
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-3616
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-68651
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-3616
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@lenovo.com: CVE-2021-3616
baseSeverity: CRITICAL
baseScore: 9.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.5
version: 3.1

Trust: 1.0

NVD: CVE-2021-3616
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-68651 // VULMON: CVE-2021-3616 // JVNDB: JVNDB-2021-011045 // CNNVD: CNNVD-202108-1581 // NVD: CVE-2021-3616 // NVD: CVE-2021-3616

PROBLEMTYPE DATA

problemtype:CWE-285

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-011045 // NVD: CVE-2021-3616

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-1581

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202108-1581

PATCH

title:LEN-49262url:https://iknow.lenovo.com.cn/detail/dc_198417.html

Trust: 0.8

title:Lenovo Smart Camera Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=160996

Trust: 0.6

sources: JVNDB: JVNDB-2021-011045 // CNNVD: CNNVD-202108-1581

EXTERNAL IDS

db:NVDid:CVE-2021-3616

Trust: 3.3

db:CNVDid:CNVD-2020-68651

Trust: 2.3

db:JVNDBid:JVNDB-2021-011045

Trust: 0.8

db:CNNVDid:CNNVD-202108-1581

Trust: 0.6

db:VULMONid:CVE-2021-3616

Trust: 0.1

sources: CNVD: CNVD-2020-68651 // VULMON: CVE-2021-3616 // JVNDB: JVNDB-2021-011045 // CNNVD: CNNVD-202108-1581 // NVD: CVE-2021-3616

REFERENCES

url:https://www.cnvd.org.cn/flaw/show/cnvd-2020-68651

Trust: 1.7

url:https://iknow.lenovo.com.cn/detail/dc_198417.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-3616

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-3616 // JVNDB: JVNDB-2021-011045 // CNNVD: CNNVD-202108-1581 // NVD: CVE-2021-3616

SOURCES

db:CNVDid:CNVD-2020-68651
db:VULMONid:CVE-2021-3616
db:JVNDBid:JVNDB-2021-011045
db:CNNVDid:CNNVD-202108-1581
db:NVDid:CVE-2021-3616

LAST UPDATE DATE

2024-11-23T22:44:09.523000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-68651date:2020-12-03T00:00:00
db:VULMONid:CVE-2021-3616date:2021-08-30T00:00:00
db:JVNDBid:JVNDB-2021-011045date:2022-07-15T04:57:00
db:CNNVDid:CNNVD-202108-1581date:2021-08-31T00:00:00
db:NVDid:CVE-2021-3616date:2024-11-21T06:21:59.423

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-68651date:2021-01-04T00:00:00
db:VULMONid:CVE-2021-3616date:2021-08-17T00:00:00
db:JVNDBid:JVNDB-2021-011045date:2022-07-15T00:00:00
db:CNNVDid:CNNVD-202108-1581date:2021-08-17T00:00:00
db:NVDid:CVE-2021-3616date:2021-08-17T17:15:07.533