CVE-2021-44404: Input Validation
First published: Fri Jan 28 2022(Updated: )
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetZoomFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Reolink Rlc-410w Firmware | =3.0.0.136_20121102 | |
| reolink RLC-410W |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this denial of service vulnerability?
The vulnerability ID is CVE-2021-44404.
What software is affected by this vulnerability?
The Reolink RLC-410W firmware version 3.0.0.136_20121102 is affected by this vulnerability.
What is the severity of CVE-2021-44404?
The severity of CVE-2021-44404 is high with a severity value of 7.7.
How can an attacker exploit this vulnerability?
An attacker can send a specially-crafted HTTP request to the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102 to trigger a denial of service.
Is the Reolink RLC-410W device itself vulnerable to exploitation?
No, the Reolink RLC-410W device itself is not vulnerable to exploitation.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/severity
- agent/author
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/reolink
- canonical/reolink rlc-410w firmware
- version/reolink rlc-410w firmware/3.0.0.136_20121102
- canonical/reolink rlc-410w