294 matches found
CVE-2021-44419
CVE-2021-44419 affects Reolink RLC-410W (v3.0.0.136_20121102). The cgiserver.cgi JSON command parser is vulnerable to a crafted HTTP request where param is not an object, causing the cgiserver.cgi process to assert and reboot the device (DoS). Exploitation is described in Talos TALOS-2021-1421, w...
CVE-2021-44419
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetMdAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44419
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetMdAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44416
CVE-2021-44416 describes a denial-of-service vulnerability in the cgiserver.cgi JSON command parser of the Reolink RLC-410W (v3.0.0.136_20121102). A specially crafted HTTP request can trigger a reboot by causing the parser to assert when the JSON element for param is not an object (e.g., param is...
CVE-2021-44413
CVE-2021-44413 affects the Reolink RLC-410W camera’s cgiserver.cgi JSON command parser. The TALOS advisory documents multiple DoS variants on v3.0.0.136_20121102 where sending a crafted HTTP request can cause the cgiserver.cgi process to reboot the device. Root cause involves the parser assuming ...
CVE-2021-44414
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. DelUser param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44413
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. AddUser param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44412
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetRec param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44412
The CVE-2021-44412 team lists a denial-of-service vulnerability affecting the Reolink RLC-410W camera (firmware 3.0.0.136_20121102) in the cgiserver.cgi JSON command parser. A specially crafted HTTP request can trigger a reboot by exposing an assertion failure when parsing the JSON body, specific...
CVE-2021-44407
The CVE-2021-44407 entry affects Reolink RLC-410W (v3.0.0.136_20121102) via the cgiserver.cgi JSON command parser. A DoS condition arises when a JSON body in the API requests contains a non-object param for certain commands, triggering an assert in the cgiserver.cgi path and causing the device re...
CVE-2021-44406
CVE-2021-44406 affects the reolink RLC-410W camera (v3.0.0.136_20121102) via its cgiserver.cgi JSON command parser. A malformed HTTP request can trigger a denial-of-service condition by causing the cgiserver.cgi process to reboot. Talos describes our affected component as the cgiserver.cgi JSON c...
CVE-2021-44405
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. StartZoomFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44411
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. Search param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44409
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. TestWifi param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44408
CVE-2021-44408 affects Reolink RLC-410W (CGI: cgiserver.cgi) where the JSON command parser can be invoked with a non-object param, triggering an assertion and reboot. Talos details show a CGI JSON flow where param is extracted and passed to a generic j2s handler; if param is not an object, an ass...
CVE-2021-44403
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetPtzTattern param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44401
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. PtzCtrl param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44402
CVE-2021-44402 affects the Reolink RLC-410W (v3.0.0.136_20121102) and is caused by a flaw in the cgiserver.cgi JSON command parser. A crafted HTTP request can trigger an assert when the API parses the JSON body, causing the cgiserver.cgi process to reboot the device and potentially disrupt servic...
CVE-2021-44402
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44400
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPatrol param is not object. An attacker can send an HTTP request to trigger this vulnerability...