PT-2022-12098 · Reolink · Reolink Rlc-410W
Francesco Benvenuto
·
Published
2022-01-28
·
Updated
2022-10-25
·
CVE-2021-44401
CVSS v3.1
8.6
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
reolink RLC-410W version 3.0.0.136 20121102
Description
A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The
PtzCtrl param is not an object, which can be exploited by an attacker sending a crafted HTTP request.Recommendations
For version 3.0.0.136 20121102, consider restricting access to the cgiserver.cgi JSON command parser functionality until a fix is available. Avoid using the
PtzCtrl param in HTTP requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Reolink Rlc-410W