Details of VAR-202108-0713

ID

VAR-202108-0713

CVE

CVE-2021-3617

TITLE

plural Lenovo Smart Camera Command injection vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-011046

DESCRIPTION

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. This vulnerability is the same as CNVD-2020-68652. (DoS) It may be in a state. Shenzhen Qiaoan Technology Co., Ltd. is a professional R&D and manufacturer of surveillance cameras, specializing in the production of Qiaoan surveillance, Qiaoan surveillance cameras, etc. Several webcams of Shenzhen Qiaoan Technology Co., Ltd. have information disclosure vulnerabilities, which can be exploited by attackers to obtain sensitive information

Trust: 2.25

sources: NVD: CVE-2021-3617 // JVNDB: JVNDB-2021-011046 // CNVD: CNVD-2020-68652 // VULMON: CVE-2021-3617

IOT TAXONOMY

category:

['camera device']

sub_category:

camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	lenovo	model:	smart camera c2e	scope:	lt	version:	01.03.29.16	Trust: 1.0
vendor:	lenovo	model:	smart camera x3	scope:	lt	version:	01.03.29.16	Trust: 1.0
vendor:	lenovo	model:	smart camera x5	scope:	lt	version:	01.03.29.16	Trust: 1.0
vendor:	lenovo	model:	smart camera x5	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	smart camera c2e	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	smart camera x3	scope:	-	version:	-	Trust: 0.8
vendor:	qiaoan	model:	ja-770	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-c7m	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-c1k	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-f2t	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-f2c	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-g4r	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-f2t-l	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-q7m	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-q7	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-f8	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-f2e	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-q10	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-q3	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-c10	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-f2t-n	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-q13c	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-f10	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-c10e	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-f2r	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-q3r	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-c6k	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-f2k	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-q7k	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-f2k-4x	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-c5	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-q8	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-c9	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-q5	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-a6	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-q7r	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-g4c	scope:	eq	version:	01.03.29.14	Trust: 0.6
vendor:	qiaoan	model:	ja-c6	scope:	eq	version:	01.03.29.14	Trust: 0.6

sources: CNVD: CNVD-2020-68652 // JVNDB: JVNDB-2021-011046 // NVD: CVE-2021-3617

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-3617
value:	HIGH
Trust: 1.0
psirt@lenovo.com:	CVE-2021-3617
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-3617
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-68652
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202108-1582
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-3617
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-68652
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-3617
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-011046
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-68652 // JVNDB: JVNDB-2021-011046 // CNNVD: CNNVD-202108-1582 // NVD: CVE-2021-3617 // NVD: CVE-2021-3617

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	CWE-77	Trust: 1.0
problemtype:	Command injection (CWE-77) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-011046 // NVD: CVE-2021-3617

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-1582

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202108-1582

PATCH

title:	LEN-49262	url:	https://iknow.lenovo.com.cn/detail/dc_198417.html	Trust: 0.8
title:	Lenovo Smart Camera Fixes for command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=160997	Trust: 0.6

sources: JVNDB: JVNDB-2021-011046 // CNNVD: CNNVD-202108-1582

EXTERNAL IDS

db:	NVD	id:	CVE-2021-3617	Trust: 3.4
db:	CNVD	id:	CNVD-2020-68652	Trust: 2.3
db:	JVNDB	id:	JVNDB-2021-011046	Trust: 0.8
db:	CNNVD	id:	CNNVD-202108-1582	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2021-3617	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2020-68652 // VULMON: CVE-2021-3617 // JVNDB: JVNDB-2021-011046 // CNNVD: CNNVD-202108-1582 // NVD: CVE-2021-3617

REFERENCES

url:	https://www.cnvd.org.cn/flaw/show/cnvd-2020-68652	Trust: 1.7
url:	https://iknow.lenovo.com.cn/detail/dc_198417.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3617	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2021-3617 // JVNDB: JVNDB-2021-011046 // CNNVD: CNNVD-202108-1582 // NVD: CVE-2021-3617

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2020-68652
db:	VULMON	id:	CVE-2021-3617
db:	JVNDB	id:	JVNDB-2021-011046
db:	CNNVD	id:	CNNVD-202108-1582
db:	NVD	id:	CVE-2021-3617

LAST UPDATE DATE

2025-01-30T21:25:07.228000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-68652	date:	2020-12-03T00:00:00
db:	VULMON	id:	CVE-2021-3617	date:	2021-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2021-011046	date:	2022-07-15T04:57:00
db:	CNNVD	id:	CNNVD-202108-1582	date:	2021-08-31T00:00:00
db:	NVD	id:	CVE-2021-3617	date:	2024-11-21T06:21:59.567

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-68652	date:	2021-01-04T00:00:00
db:	VULMON	id:	CVE-2021-3617	date:	2021-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2021-011046	date:	2022-07-15T00:00:00
db:	CNNVD	id:	CNNVD-202108-1582	date:	2021-08-17T00:00:00
db:	NVD	id:	CVE-2021-3617	date:	2021-08-17T17:15:07.610