CVE-2021-44391: Input Validation
First published: Fri Jan 28 2022(Updated: )
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetEnc param is not object. An attacker can send an HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Reolink Rlc-410w Firmware | =3.0.0.136_20121102 | |
| reolink RLC-410W |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the CVE ID of this vulnerability?
The CVE ID of this vulnerability is CVE-2021-44391.
What software is affected by this vulnerability?
The Reolink RLC-410W firmware version 3.0.0.136_20121102 is affected by this vulnerability.
How severe is CVE-2021-44391?
CVE-2021-44391 has a severity score of 7.7, which is classified as high.
What is the impact of this vulnerability?
This vulnerability can be exploited to cause a denial of service condition, leading to a reboot of the affected device.
Is there a fix available for this vulnerability?
At the moment, there is no known fix or patch for this vulnerability. It is recommended to contact the vendor for further information and updates.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- vendor/reolink
- canonical/reolink rlc-410w firmware
- version/reolink rlc-410w firmware/3.0.0.136_20121102
- canonical/reolink rlc-410w