Total
88 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44373 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetAutoFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-44404 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetZoomFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-40416 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. All the Get APIs that are not included in cgi_check_ability are already executable by any logged-in users. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-44359 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetCrop param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-44393 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetIsp param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-44396 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Preview param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-40423 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of HTTP requests can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-44407 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestEmail param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-44388 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Login param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-44377 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetImage param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-21796 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.4 MEDIUM | 8.2 HIGH |
| A memory corruption vulnerability exists in the netserver parse_command_list functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-44362 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetCloudSchedule param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-44371 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetEmail param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-44365 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetDevName param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-44385 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-40419 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-21199 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| An information disclosure vulnerability exists due to the hardcoded TLS key of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | |||||
| CVE-2021-40415 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM |
| An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. In cgi_check_ability the Format API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to format the SD card and reboot the device. | |||||
| CVE-2021-44414 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. DelUser param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-44364 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetWifi param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||