PT-2022-12089 · Reolink · Reolink RLC-410W

Francesco Benvenuto

Published 2022-01-28 · Updated 2022-10-25

CVE-2021-44392

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Reolink RLC-410W, version 3.0.0.136 20121102

Description: A denial of service issue exists in the JSON command parser of cgiserver.cgi. It can be triggered by a specially crafted HTTP request and leads to a reboot of the device. The parser does not handle the case where the GetImage parameter is not an object, so an attacker can trigger the issue with a single HTTP request.

Recommendations: For version 3.0.0.136 20121102, consider restricting network access to the cgiserver.cgi JSON command parser until a fix is available. Avoid using the GetImage parameter in HTTP requests to reduce the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Weakness Enumeration

Related Identifiers

CVE-2021-44392

Affected Products

Reolink RLC-410W