PT-2019-12131 · Reolink · Reolink Rlc-410W+4
Published: 2018-06-03 · Updated: 2025-11-06 · CVE-2019-11001
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Reolink RLC-410W versions through 1.0.227
Reolink C1 Pro versions through 1.0.227
Reolink C2 Pro versions through 1.0.227
Reolink RLC-422W versions through 1.0.227
Reolink RLC-511W versions through 1.0.227
Description
The issue allows an authenticated admin to inject and run OS commands as root using the "TestEmail" functionality, as demonstrated by shell metacharacters in the addr1 field.
Recommendations
For Reolink RLC-410W versions through 1.0.227, consider disabling the "TestEmail" functionality until a patch is available.
For Reolink C1 Pro versions through 1.0.227, consider disabling the "TestEmail" functionality until a patch is available.
For Reolink C2 Pro versions through 1.0.227, consider disabling the "TestEmail" functionality until a patch is available.
For Reolink RLC-422W versions through 1.0.227, consider disabling the "TestEmail" functionality until a patch is available.
For Reolink RLC-511W versions through 1.0.227, consider disabling the "TestEmail" functionality until a patch is available.
Avoid using the addr1 field in the "TestEmail" functionality until the issue is resolved.
Exploit
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Reolink C1 Pro
Reolink C2 Pro
Reolink Rlc-410W
Reolink Rlc-422W
Reolink Rlc-511W