CVE-2021-3616

Published Aug 17, 2021

Last updated 3 years ago

CVSS critical 9.8

Overview

Description: A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. This vulnerability is the same as CNVD-2020-68651.
Source: psirt@lenovo.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other
psirt@lenovo.com: CWE-285

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:smart_camera_c2e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "340BB3AC-CA35-4967-B2EB-CCA01F6A02C4",
            "versionEndExcluding": "01.03.29.16"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:smart_camera_c2e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E5514C8B-000F-4393-9039-91BD16C6533D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:smart_camera_x3_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C0E7AFD-5D18-4B29-BDC6-8077E74A58D7",
            "versionEndExcluding": "01.03.29.16"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:smart_camera_x3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DEB64CB7-C439-4C5D-A8B7-35C1D4ECCED0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:smart_camera_x5_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4104DA2D-A23E-42DE-B87B-0D664EE913B0",
            "versionEndExcluding": "01.03.29.16"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:smart_camera_x5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A5171D89-D3C7-45D3-BFB1-0106CE3E18DD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References