PT-2022-11234 · Reolink · Reolink Rlc-410W
Francesco Benvenuto
·
Published
2022-01-28
·
Updated
2022-09-03
·
CVE-2021-40406
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
reolink RLC-410W version 3.0.0.136 20121102
Description
A denial of service issue exists in the cgiserver.cgi session creation functionality. This can be triggered by a specially-crafted HTTP request, preventing users from logging in. An attacker can exploit this by sending a crafted HTTP request.
Recommendations
For version 3.0.0.136 20121102, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Reolink Rlc-410W