Total
88 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-44372 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetLocalLink param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2021-44374 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetMask param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2021-44411 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Search param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2021-44382 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot.SetIrLights param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2021-40410 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [4] the dns_data->dns1 variable, that has the value of the dns1 parameter provided through the SetLocal API, is not validated properly. This would lead to an OS command injection. | |||||
CVE-2021-44413 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. AddUser param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2022-21801 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
A denial of service vulnerability exists in the netserver recv_command functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to a reboot. An attacker can send a malicious packet to trigger this vulnerability. | |||||
CVE-2021-40414 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 5.5 MEDIUM | 7.1 HIGH |
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The SetMdAlarm API sets the movement detection parameters, giving the ability to set the sensitivity of the camera per a range of hours, and which of the camera spaces to ignore when considering movement detection. Because in cgi_check_ability the SetMdAlarm API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to change the movement detection parameters. | |||||
CVE-2021-44416 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Disconnect param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2021-44358 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetRec param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2021-40411 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [6] the dns_data->dns2 variable, that has the value of the dns2 parameter provided through the SetLocalLink API, is not validated properly. This would lead to an OS command injection. | |||||
CVE-2021-44387 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzPreset param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2021-44376 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetIsp param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2021-44415 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. ModifyUser param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2022-21236 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2021-44368 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNetPort param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2021-40413 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.5 MEDIUM | 7.1 HIGH |
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The UpgradePrepare is the API that checks if a provided filename identifies a new version of the RLC-410W firmware. If the version is new, it would be possible, allegedly, to later on perform the Upgrade. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2021-44400 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPatrol param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2021-44397 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. rtmp=start param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2021-44360 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNorm param is not object. An attacker can send an HTTP request to trigger this vulnerability. |