CVE-2021-40415

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions reolink RLC-410W version 3.0.0.136 20121102

Description An issue exists in the cgiserver.cgi cgi check ability functionality where the Format API does not have a specific case, causing user permission to default to 7. This allows non-administrative users to format the SD card and reboot the device.

Recommendations For reolink RLC-410W version 3.0.0.136 20121102, consider restricting access to the cgi check ability functionality until a patch is available to prevent non-administrative users from formatting the SD card and rebooting the device.

Exploit

Fix

Improper Access Control

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-276

Related Identifiers

CVE-2021-40415

Affected Products

Reolink Rlc-410W

CVE-2021-40415

Weakness Enumeration

Related Identifiers

Affected Products

References · 3