5 matches found
CVE-2021-40408
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 1 or 2, based on DDNS type, the ddns-username variable, that has the value of the userName parameter provided through the SetDdns API, is not validated properly. Th...
CVE-2021-40408
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 1 or 2, based on DDNS type, the ddns-username variable, that has the value of the userName parameter provided through the SetDdns API, is not validated properly. Th...
CVE-2021-40408
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 1 or 2, based on DDNS type, the ddns-username variable, that has the value of the userName parameter provided through the SetDdns API, is not validated properly. Th...
CVE-2021-40408
CVE-2021-40408 covers multiple OS command injection flaws in Reolink RLC-410W (v3.0.0.136_20121102) via device network settings APIs SetDdns, SetLocalLink, and SetDevName. The root cause is insufficient validation of user-supplied fields (ddns->username, ddns->domain, dns1/dns2, devname) th...
CVE-2021-40408
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 1 or 2, based on DDNS type, the ddns-username variable, that has the value of the userName parameter provided through the SetDdns API, is not validated properly. Th...