3 matches found
CVE-2021-40410
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 4 the dnsdata-dns1 variable, that has the value of the dns1 parameter provided through the SetLocal API, is not validated properly. This would lead to an OS command...
CVE-2021-40410
The connected TALOS report and Red Hat/CNNVD records confirm CVE-2021-40410 affects Reolink RLC-410W (v3.0.0.136_20121102) via multiple OS command injection vectors in device network settings APIs SetDdns, SetLocalLink, and SetDevName. Root cause: unvalidated user-supplied inputs (e.g., dns1, dns...
CVE-2021-40410
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 4 the dnsdata-dns1 variable, that has the value of the dns1 parameter provided through the SetLocal API, is not validated properly. This would lead to an OS command...