294 matches found
CVE-2021-44399
The CVE-2021-44399 issue affects Reolink RLC-410W (v3.0.0.136_20121102) through the cgiserver.cgi JSON command parser. TALOS describes multiple DoS vectors where a specially crafted HTTP request can cause the cgiserver.cgi process to reboot by triggering asserts when the API’s JSON parameters are...
CVE-2021-44397
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. rtmp=start param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44398
The CVE-2021-44398 issue affects Reolink RLC-410W (v3.0.0.136_20121102) and is caused by a flaw in the cgiserver.cgi JSON command parser. The TALOS analysis describes multiple DoS scenarios where a specially crafted HTTP request can trigger the reboot by asserting on non-object JSON elements in c...
CVE-2021-44395
CVE-2021-44395 affects the Reolink RLC-410W camera (firmware v3.0.0.136_20121102). The vulnerability lies in the cgiserver.cgi JSON command parser: when a JSON array body contains a non-object for the param field (e.g., a misformatted or empty string), the code can trigger an assertion and reboot...
CVE-2021-44392
The CVE-2021-44392 family affects Reolink RLC-410W (v3.0.0.136_20121102) via the cgiserver.cgi JSON command parser. A specially crafted HTTP POST body containing a JSON array can trigger an assertion in the param parsing, potentially killing the cgiserver.cgi process and rebooting the device (DoS...
CVE-2021-44393
CVE-2021-44393 affects Reolink RLC-410W (v3.0.0.136_20121102). The vulnerability exists in cgiserver.cgi JSON command parser: processing a specially crafted HTTP POST body can reboot the device due to improper handling when JSON elements like GetIsp are not objects. Multiple sources (Talos, NVD/N...
CVE-2021-44391
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetEnc param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44391
The CVE-2021-44391 issue affects Reolink RLC-410W (firmware v3.0.0.136_20121102) where the cgiserver.cgi JSON command parser mishandles non-object GetEnc param data, allowing a remote attacker to reboot the device via a specially crafted HTTP request. TALOS details confirm a set of JSON-command-b...
CVE-2021-44390
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. Format param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44388
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. Login param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44389
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetAbility param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44389
CVE-2021-44389 affects Reolink RLC-410W (v3.0.0.136_20121102). The cgiserver.cgi JSON command parser accepts JSON arrays of commands; if a param is not an object, the code can hit an assertion path leading to a device reboot. Attack surface involves a crafted HTTP POST to the camera’s API (cmd, a...
CVE-2021-44387
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetPtzPreset param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44387
CVE-2021-44387 corresponds to multiple DoS issues in Reolink RLC-410W (firmware 3.0.0.136_20121102) where the cgiserver.cgi JSON command parser incorrectly handles param objects. A specially crafted HTTP body (JSON array of commands) can crash the parser or kill cgiserver.cgi, rebooting the devic...
CVE-2021-44386
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetPtzPatrol param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44385
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44385
CVE-2021-44385 affects the Reolink RLC-410W camera. The vulnerability lies in the cgiserver.cgi JSON command parser: processing a specially crafted HTTP body can trigger the cgiserver.cgi to reboot the device, causing a denial of service. The issue stems from how the parser handles the JSON eleme...
CVE-2021-44384
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetPtzTattern param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44382
CVE-2021-44382 describes a denial-of-service in the cgiserver.cgi JSON command parser of Reolink RLC-410W (v3.0.0.136_20121102). A crafted HTTP body targeting the CGI API can cause the cgiserver.cgi process to reboot, by exploiting improper handling of the JSON param object (not object) in multip...
CVE-2021-44381
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetPowerLed param is not object. An attacker can send an HTTP request to trigger this vulnerability...