An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The UpgradePrepare is the API that checks if a provided filename identifies a new version of the RLC-410W firmware. If the version is new, it would be possible, allegedly, to later on perform the Upgrade. An attacker can send an HTTP request to trigger this vulnerability.
References
| Link | Resource |
|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2021-1425 | Exploit Technical Description Third Party Advisory |
| https://talosintelligence.com/vulnerability_reports/TALOS-2021-1425 | Exploit Technical Description Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
21 Nov 2024, 06:24
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://talosintelligence.com/vulnerability_reports/TALOS-2021-1425 - Exploit, Technical Description, Third Party Advisory |
15 Jun 2022, 21:42
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 7.1 |
03 Feb 2022, 22:04
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2021-1425 - Exploit, Technical Description, Third Party Advisory | |
| CPE | cpe:2.3:o:reolink:rlc-410w_firmware:3.0.0.136_20121102:*:*:*:*:*:*:* cpe:2.3:h:reolink:rlc-410w:-:*:*:*:*:*:*:* |
|
| CWE | CWE-276 | |
| CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
28 Jan 2022, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-01-28 20:15
Updated : 2024-11-21 06:24
NVD link : CVE-2021-40413
Mitre link : CVE-2021-40413
CVE.ORG link : CVE-2021-40413
JSON object : View
Products Affected
reolink
- rlc-410w
- rlc-410w_firmware