CVE-2021-44413

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. AddUser param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44412

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetRec param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44412

The CVE-2021-44412 team lists a denial-of-service vulnerability affecting the Reolink RLC-410W camera (firmware 3.0.0.136_20121102) in the cgiserver.cgi JSON command parser. A specially crafted HTTP request can trigger a reboot by exposing an assertion failure when parsing the JSON body, specific...

CVE-2021-44407

The CVE-2021-44407 entry affects Reolink RLC-410W (v3.0.0.136_20121102) via the cgiserver.cgi JSON command parser. A DoS condition arises when a JSON body in the API requests contains a non-object param for certain commands, triggering an assert in the cgiserver.cgi path and causing the device re...

CVE-2021-44405

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. StartZoomFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44411

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. Search param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44409

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. TestWifi param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44408

CVE-2021-44408 affects Reolink RLC-410W (CGI: cgiserver.cgi) where the JSON command parser can be invoked with a non-object param, triggering an assertion and reboot. Talos details show a CGI JSON flow where param is extracted and passed to a generic j2s handler; if param is not an object, an ass...

CVE-2021-44403

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetPtzTattern param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44401

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. PtzCtrl param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44402

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44400

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPatrol param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44399

The CVE-2021-44399 issue affects Reolink RLC-410W (v3.0.0.136_20121102) through the cgiserver.cgi JSON command parser. TALOS describes multiple DoS vectors where a specially crafted HTTP request can cause the cgiserver.cgi process to reboot by triggering asserts when the API’s JSON parameters are...

CVE-2021-44397

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. rtmp=start param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44398

The CVE-2021-44398 issue affects Reolink RLC-410W (v3.0.0.136_20121102) and is caused by a flaw in the cgiserver.cgi JSON command parser. The TALOS analysis describes multiple DoS scenarios where a specially crafted HTTP request can trigger the reboot by asserting on non-object JSON elements in c...

CVE-2021-44395

CVE-2021-44395 affects the Reolink RLC-410W camera (firmware v3.0.0.136_20121102). The vulnerability lies in the cgiserver.cgi JSON command parser: when a JSON array body contains a non-object for the param field (e.g., a misformatted or empty string), the code can trigger an assertion and reboot...

CVE-2021-44391

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetEnc param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44391

The CVE-2021-44391 issue affects Reolink RLC-410W (firmware v3.0.0.136_20121102) where the cgiserver.cgi JSON command parser mishandles non-object GetEnc param data, allowing a remote attacker to reboot the device via a specially crafted HTTP request. TALOS details confirm a set of JSON-command-b...

CVE-2021-44390

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. Format param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44388

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. Login param is not object. An attacker can send an HTTP request to trigger this vulnerability...