Total
88 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-44395 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMask param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2021-44409 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestWifi param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2021-44417 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2021-44386 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzPatrol param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2021-44403 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzTattern param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2021-44384 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzTattern param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2022-21134 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A firmware update vulnerability exists in the "update" firmware checks functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
CVE-2019-11001 | 1 Reolink | 10 C1 Pro, C1 Pro Firmware, C2 Pro and 7 more | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field. |