CVE-2021-40419

Name of the Vulnerable Software and Affected Versions reolink RLC-410W version 3.0.0.136 20121102

Description A firmware update issue exists in the 'factory' binary, allowing an attacker to perform arbitrary firmware updates by sending a specially-crafted series of network requests. This can be triggered by an attacker sending a sequence of requests.

Recommendations For reolink RLC-410W version 3.0.0.136 20121102, consider restricting access to the 'factory' binary to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the vulnerable binary for firmware updates. At the moment, there is no information about a newer version that contains a fix for this vulnerability.