CVE-2021-44376

Published: Jan 28, 2022Modified: Nov 21, 2024

7.7

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Exploitability: 3.1 / Impact: 4.0

Source: NVD

Description

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetIsp param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Affected (1)

Products: Reolink: Rlc 410w Firmware

1 product

Rlc 410w Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Reolink Rlc 410w Firmware	Version 3.0.0.136_20121102

Running on/with	Platform Versions
Reolink Rlc 410w	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421

Source: talos-cna@cisco.com

ExploitTechnical DescriptionThird Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

Timeline

No history available yet.