CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2022/04/14 8:15 p.m.•2 views

CVE-2021-44357

7.5CVSS7.3AI score

Cvelist•added 2022/04/14 7:56 p.m.•10 views

CVE-2021-44394

8.6CVSS7.8AI score0.00304EPSS

CVE•added 2022/04/14 7:56 p.m.•41 views

CVE-2021-44394

The CVE-2021-44394 entry affects Reolink RLC-410W (v3.0.0.136_20121102) where the cgiserver.cgi JSON command parser can crash the device, causing a reboot via specially crafted HTTP requests. Connected sources (TalOS) describe the vulnerability as a denial of service in the JSON command parsing p...

8.6CVSS7.5AI score0.00304EPSS

Exploits1References1Affected Software1

CVE•added 2022/04/14 7:56 p.m.•45 views

CVE-2021-44357

Summary: CVE-2021-44357 pertains to multiple denial-of-service vulnerabilities in the cgiserver.cgi JSON command parser of Reolink RLC-410W (v3.0.0.136_20121102). The TALOS analysis describes that the JSON parser and its param handling assume objects, and receiving non-object JSON (e.g., an empty...

8.6CVSS7.5AI score0.00304EPSS

Exploits1References1Affected Software1

NVD•added 2022/01/28 10:15 p.m.•11 views

CVE-2021-44416

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. Disconnect param is not object. An attacker can send an HTTP request to trigger this vulnerability...

8.6CVSS0.00189EPSS

CVE-2021-44408

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. TestFtp param is not object. An attacker can send an HTTP request to trigger this vulnerability...

7.7CVSS7.3AI score

CVE-2021-44398

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. rtmp=stop param is not object. An attacker can send an HTTP request to trigger this vulnerability...

7.7CVSS7.2AI score

NVD•added 2022/01/28 10:15 p.m.•8 views

CVE-2021-44392

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetImage param is not object. An attacker can send an HTTP request to trigger this vulnerability...

8.6CVSS0.00204EPSS

NVD•added 2022/01/28 10:15 p.m.•11 views

CVE-2021-44396

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. Preview param is not object. An attacker can send an HTTP request to trigger this vulnerability...

8.6CVSS0.00189EPSS

NVD•added 2022/01/28 10:15 p.m.•8 views

CVE-2021-44408

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. TestFtp param is not object. An attacker can send an HTTP request to trigger this vulnerability...

8.6CVSS0.00189EPSS

CVE-2021-44399

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPreset param is not object. An attacker can send an HTTP request to trigger this vulnerability...

7.7CVSS5.8AI score

CVE-2021-44395

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetMask param is not object. An attacker can send an HTTP request to trigger this vulnerability...

7.7CVSS5.8AI score

7.7CVSS7.3AI score0.00151EPSS

CVE-2021-44410

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. UpgradePrepare param is not object. An attacker can send an HTTP request to trigger this vulnerability...