PT-2022-12061 · Reolink · Reolink Rlc-410W
Francesco Benvenuto
·
Published
2022-01-28
·
Updated
2022-10-25
·
CVE-2021-44364
CVSS v3.1
8.6
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
reolink RLC-410W version 3.0.0.136 20121102
Description
A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. A specially-crafted HTTP request can lead to a reboot. The
SetWifi param is not an object, allowing an attacker to send an HTTP request to trigger this issue.Recommendations
For version 3.0.0.136 20121102, as a temporary workaround, consider restricting access to the cgiserver.cgi JSON command parser functionality until a patch is available. Avoid using the
SetWifi param in the affected HTTP request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Reolink Rlc-410W