225 matches found
CVE-2021-44389
CVE-2021-44389 affects Reolink RLC-410W (v3.0.0.136_20121102). The cgiserver.cgi JSON command parser accepts JSON arrays of commands; if a param is not an object, the code can hit an assertion path leading to a device reboot. Attack surface involves a crafted HTTP POST to the camera’s API (cmd, a...
CVE-2021-44387
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzPreset param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44386
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzPatrol param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44385
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44382
CVE-2021-44382 describes a denial-of-service in the cgiserver.cgi JSON command parser of Reolink RLC-410W (v3.0.0.136_20121102). A crafted HTTP body targeting the CGI API can cause the cgiserver.cgi process to reboot, by exploiting improper handling of the JSON param object (not object) in multip...
CVE-2021-44381
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPowerLed param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44382
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetIrLights param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44381
The CVE-2021-44381 entry concerns Reolink RLC-410W firmware (v3.0.0.136_20121102). A vulnerability in cgiserver.cgi’s JSON command parser allows a specially crafted HTTP request to reboot the device, by triggering an assertion when a JSON param is not an object (notably SetPowerLed). Talos detail...
CVE-2021-44380
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetTime param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44378
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetEnc param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44379
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetAutoMaint param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44379
CVE-2021-44379 affects the Reolink RLC-410W cgiserver.cgi JSON command parser. A specially crafted HTTP request can cause the cgiserver.cgi process to reboot, compromising device availability. The issue is triggered when parsing JSON arrays where the param field is expected to be an object (e.g.,...
CVE-2021-44378
CVE-2021-44378 affects Reolink RLC-410W (v3.0.0.136_20121102) via the cgiserver.cgi JSON command parser. A specially crafted HTTP request can trigger an assertion in param parsing, killing the cgiserver.cgi process and rebooting the device (DoS/availability impact). Root cause: improper handling ...
CVE-2021-44377
CVE-2021-44377: Talos reports multiple denial-of-service vulnerabilities in the cgiserver.cgi JSON command parser of the Reolink RLC-410W (v3.0.0.136_20121102). A specially crafted HTTP request can cause the cgiserver.cgi process to reboot by triggering asserts when JSON parameters are not objec...
CVE-2021-44374
CVE-2021-44374 affects the Reolink RLC-410W (v3.0.0.136_20121102) with a denial-of-service in the cgiserver.cgi JSON command parser. A specially crafted HTTP body can trigger an assertion when a JSON element in param is not an object, potentially rebooting the device. The issue is caused by parsi...
CVE-2021-44372
CVE-2021-44372 affects Reolink RLC-410W (v3.0.0.136_20121102). The issue resides in the cgiserver.cgi JSON command parser; a crafted HTTP request can trigger a reboot by exploiting the SetLocalLink parameter not being an object. The DoS can reboot the device, with exploitation described in Talos ...
CVE-2021-44371
CVE-2021-44371 affects the cgiserver.cgi JSON command parser in Reolink RLC-410W (v3.0.0.136_20121102). A crafted HTTP POST body can trigger the parser to reboot the device, causing a denial of service. The vulnerability stems from the code paths that assume param is an object, leading to an asse...
CVE-2021-44370
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetFtp param is not object. An attacker can send an HTTP request to trigger this vulnerability...