CVE-2021-44384: Input Validation
First published: Fri Jan 28 2022(Updated: )
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzTattern param is not object. An attacker can send an HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Reolink RLC-410W | =3.0.0.136_20121102 | |
| Reolink RLC-410W Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this denial of service vulnerability?
The vulnerability ID is CVE-2021-44384.
What is the affected software of this vulnerability?
The affected software is Reolink RLC-410W firmware version 3.0.0.136_20121102.
How severe is CVE-2021-44384?
The severity of CVE-2021-44384 is high with a CVSS score of 7.7.
How does CVE-2021-44384 manifest?
CVE-2021-44384 manifests as a denial of service vulnerability in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W firmware version 3.0.0.136_20121102.
Is the Reolink RLC-410W camera itself vulnerable to CVE-2021-44384?
No, the Reolink RLC-410W camera itself is not vulnerable to CVE-2021-44384.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/reolink
- canonical/reolink rlc-410w
- version/reolink rlc-410w/3.0.0.136_20121102
- canonical/reolink rlc-410w firmware