294 matches found
CVE-2021-44382
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot.SetIrLights param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44382
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot.SetIrLights param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44381
The CVE-2021-44381 entry concerns Reolink RLC-410W firmware (v3.0.0.136_20121102). A vulnerability in cgiserver.cgi’s JSON command parser allows a specially crafted HTTP request to reboot the device, by triggering an assertion when a JSON param is not an object (notably SetPowerLed). TALOS detail...
CVE-2021-44380
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetTime param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44378
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetEnc param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44379
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetAutoMaint param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44379
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetAutoMaint param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44378
CVE-2021-44378 affects Reolink RLC-410W (v3.0.0.136_20121102) via the cgiserver.cgi JSON command parser. A specially crafted HTTP request can trigger an assertion in param parsing, killing the cgiserver.cgi process and rebooting the device (DoS/availability impact). Root cause: improper handling ...
CVE-2021-44379
CVE-2021-44379 affects the Reolink RLC-410W cgiserver.cgi JSON command parser. A specially crafted HTTP request can cause the cgiserver.cgi process to reboot, compromising device availability. The issue is triggered when parsing JSON arrays where the param field is expected to be an object (e.g.,...
CVE-2021-44377
CVE-2021-44377 : Talos reports multiple denial-of-service vulnerabilities in the cgiserver.cgi JSON command parser of the Reolink RLC-410W (v3.0.0.136_20121102). A specially crafted HTTP request can cause the cgiserver.cgi process to reboot by triggering asserts when JSON parameters are not objec...
CVE-2021-44377
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetImage param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44376
The CVE-2021-44376 entry covers a denial-of-service vulnerability in the cgiserver.cgi JSON command parser of reolink RLC-410W (v3.0.0.136_20121102). A specially crafted HTTP request can reboot the device because the parser assumes the JSON element in param is an object and asserts otherwise, cau...
CVE-2021-44374
CVE-2021-44374 affects the Reolink RLC-410W (v3.0.0.136_20121102) with a denial-of-service in the cgiserver.cgi JSON command parser. A specially crafted HTTP body can trigger an assertion when a JSON element in param is not an object, potentially rebooting the device. The issue is caused by parsi...
CVE-2021-44374
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetMask param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44372
CVE-2021-44372 affects Reolink RLC-410W (v3.0.0.136_20121102). The issue resides in the cgiserver.cgi JSON command parser; a crafted HTTP request can trigger a reboot by exploiting the SetLocalLink parameter not being an object. The DoS can reboot the device, with exploitation described in Talos ...
CVE-2021-44371
CVE-2021-44371 affects the cgiserver.cgi JSON command parser in reolink RLC-410W (v3.0.0.136_20121102). A crafted HTTP POST body can trigger the parser to reboot the device, causing a denial of service. The vulnerability stems from the code paths that assume param is an object, leading to an asse...
CVE-2021-44370
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetFtp param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44369
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetNtp param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44369
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetNtp param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44370
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetFtp param is not object. An attacker can send an HTTP request to trigger this vulnerability...