First published: Mon Apr 08 2019
On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Reolink RLC-410W Firmware | <=1.0.227 | |
Reolink RLC-410W | | |
Reolink C1 Pro Firmware | <=1.0.227 | |
Reolink C1 Pro | | |
Reolink C2 Pro Firmware | <=1.0.227 | |
Reolink C2 Pro | | |
Reolink RLC-422W Firmware | <=1.0.227 | |
Reolink RLC-422W | | |
Reolink RLC-511W Firmware | <=1.0.227 | |
Reolink RLC-511W | | |
Reolink Multiple IP Cameras | | |
The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.