CVE-2021-44406

Name of the Vulnerable Software and Affected Versions reolink RLC-410W version 3.0.0.136 20121102

Description A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The GetAutoFocus param is not an object, which can be exploited by an attacker sending a crafted HTTP request.

Recommendations For version 3.0.0.136 20121102, consider disabling the GetAutoFocus parameter in the cgiserver.cgi JSON command parser functionality as a temporary workaround until a patch is available. Restrict access to the cgiserver.cgi module to minimize the risk of exploitation. Avoid using the GetAutoFocus parameter in affected API endpoints until the issue is resolved.