Denial of Service Vulnerability in Reolink RLC-410W by Reolink
CVE-2021-44418

8.6 HIGH

Key Information:

Vendor: Reolink
CVE Published: 28 January 2022

What is CVE-2021-44418?

A vulnerability in the JSON command parser of the Reolink RLC-410W allows an attacker to send a specially crafted HTTP request, potentially leading to a denial of service condition. Specifically, the issue arises when the GetMdState parameter is not an object, which lets an attacker trigger a reboot of the device, disrupting service and affecting operational integrity. This poses a significant risk to users who rely on their surveillance systems functioning reliably.

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

CVSS V3.0

Score: 8.6
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
