A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPatrol param is not object. An attacker can send an HTTP request to trigger this vulnerability.
References
Link | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421 | Exploit Technical Description Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
25 Oct 2022, 17:40
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 7.7 |
03 Feb 2022, 21:32
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:reolink:rlc-410w_firmware:3.0.0.136_20121102:*:*:*:*:*:*:* cpe:2.3:h:reolink:rlc-410w:-:*:*:*:*:*:*:* |
|
References | (MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421 - Exploit, Technical Description, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 6.5 |
CWE | CWE-20 |
28 Jan 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-28 22:15
Updated : 2024-02-04 22:08
NVD link : CVE-2021-44400
Mitre link : CVE-2021-44400
CVE.ORG link : CVE-2021-44400
JSON object : View
Products Affected
reolink
- rlc-410w
- rlc-410w_firmware
CWE
CWE-20
Improper Input Validation