PT-2022-3887 · Reolink · Reolink Rlc-410W

Published

2022-01-26

Updated

2022-07-01

CVE-2022-21801

CVSS v3.1

8.6

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions reolink RLC-410W version 3.0.0.136 20121102

Description The issue is related to an integer overflow in the netserver recv command function of the reolink RLC-410W IP camera's firmware. This can be exploited by a remote attacker using a specially crafted network packet, potentially leading to a denial of service, causing the device to reboot.

Recommendations For version 3.0.0.136 20121102, as a temporary workaround, consider restricting access to the netserver recv command function until a patch is available. Avoid using the vulnerable function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

BDU:2022-04696

CVE-2022-21801

Affected Products

Reolink Rlc-410W

PT-2022-3887 · Reolink · Reolink Rlc-410W

CVE-2022-21801

Weakness Enumeration

Related Identifiers

Affected Products

References · 5