Vulnerabilities (CVE)

Filtered by vendor Reolink Subscribe
Filtered by product Rlc-410w Firmware
Total 88 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-44356 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2023-12-10 5.0 MEDIUM 7.5 HIGH
Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44366 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2023-12-10 5.0 MEDIUM 7.5 HIGH
Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44354 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2023-12-10 5.0 MEDIUM 7.5 HIGH
Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44357 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2023-12-10 5.0 MEDIUM 7.5 HIGH
Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-40405 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2023-12-10 6.8 MEDIUM 6.5 MEDIUM
A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44394 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2023-12-10 5.0 MEDIUM 7.5 HIGH
Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44375 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2023-12-10 5.0 MEDIUM 7.5 HIGH
Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44355 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2023-12-10 5.0 MEDIUM 7.5 HIGH
Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-40404 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2023-12-10 6.4 MEDIUM 6.5 MEDIUM
An authentication bypass vulnerability exists in the cgiserver.cgi Login functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44381 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2023-12-10 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPowerLed param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44408 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2023-12-10 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestFtp param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44383 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2023-12-10 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetAutoUpgrade param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44402 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2023-12-10 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-40409 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2023-12-10 7.5 HIGH 9.8 CRITICAL
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->password variable, that has the value of the password parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection.
CVE-2021-44389 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2023-12-10 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAbility param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44378 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2023-12-10 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetEnc param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44392 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2023-12-10 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetImage param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44419 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2023-12-10 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44406 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2023-12-10 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAutoFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-40408 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2023-12-10 7.5 HIGH 9.8 CRITICAL
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->username variable, that has the value of the userName parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection.