CVE-2021-40416

An incorrect default permission vulnerability exists in the cgiserver.cgi cgicheckability functionality of reolink RLC-410W v3.0.0.13620121102. All the Get APIs that are not included in cgicheckability are already executable by any logged-in users. An attacker can send an HTTP request to trigger...

CVE-2021-40413

An incorrect default permission vulnerability exists in the cgiserver.cgi cgicheckability functionality of reolink RLC-410W v3.0.0.13620121102. The UpgradePrepare is the API that checks if a provided filename identifies a new version of the RLC-410W firmware. If the version is new, it would be...

CVE-2021-40414

An incorrect default permission vulnerability exists in the cgiserver.cgi cgicheckability functionality of reolink RLC-410W v3.0.0.13620121102. The SetMdAlarm API sets the movement detection parameters, giving the ability to set the sensitivity of the camera per a range of hours, and which of the...

CVE-2021-40414

An incorrect default permission vulnerability exists in the cgiserver.cgi cgicheckability functionality of reolink RLC-410W v3.0.0.13620121102. The SetMdAlarm API sets the movement detection parameters, giving the ability to set the sensitivity of the camera per a range of hours, and which of the...