CVE-2021-3616

Published: Aug 17, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. This vulnerability is the same as CNVD-2020-68651.

Affected (3)

Products: Lenovo: Smart Camera C2e Firmware, Smart Camera X3 Firmware, Smart Camera X5 Firmware

Lenovo

3 products

Smart Camera C2e Firmware

Smart Camera X3 Firmware

Smart Camera X5 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Smart Camera C2e Firmware	Before 01.03.29.16

Running on/with	Platform Versions
Lenovo Smart Camera C2e	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Smart Camera X3 Firmware	Before 01.03.29.16

Running on/with	Platform Versions
Lenovo Smart Camera X3	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Smart Camera X5 Firmware	Before 01.03.29.16

Running on/with	Platform Versions
Lenovo Smart Camera X5	All versions

Related CWEs

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (4)

https://iknow.lenovo.com.cn/detail/dc_198417.html

Source: psirt@lenovo.com

Vendor Advisory

https://www.cnvd.org.cn/flaw/show/CNVD-2020-68651

Source: psirt@lenovo.com

Not Applicable

https://iknow.lenovo.com.cn/detail/dc_198417.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.cnvd.org.cn/flaw/show/CNVD-2020-68651

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

Timeline

No history available yet.