CVE-2021-44388

Name of the Vulnerable Software and Affected Versions reolink RLC-410W version 3.0.0.136 20121102

Description A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The login parameter is not an object, which can be exploited by an attacker sending a crafted HTTP request.

Recommendations For reolink RLC-410W version 3.0.0.136 20121102, as a temporary workaround, consider restricting access to the cgiserver.cgi JSON command parser functionality until a patch is available. Avoid using the login parameter in a way that could trigger this issue until the vulnerability is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.