CVE-2021-40404

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions reolink RLC-410W version 3.0.0.136 20121102

Description An authentication bypass issue exists in the cgiserver.cgi Login functionality. A specially-crafted HTTP request can lead to authentication bypass, allowing an attacker to send an HTTP request and trigger this issue.

Recommendations For reolink RLC-410W version 3.0.0.136 20121102, as a temporary workaround, consider restricting access to the cgiserver.cgi Login functionality until a patch is available. Avoid using the vulnerable Login functionality in the cgiserver.cgi until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Improper Authentication

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-284

Related Identifiers

CVE-2021-40404

Affected Products

Reolink Rlc-410W

CVE-2021-40404

Weakness Enumeration

Related Identifiers

Affected Products

References · 5