CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Prion•added 2022/01/28 8:15 p.m.•15 views

Command injection

An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 6 the dnsdata-dns2 variable, that has the value of the dns2 parameter provided through the SetLocalLink API, is not validated properly. This would lead to an OS...

6.5CVSS7.9AI score0.04695EPSS

Vulnrichment•added 2022/01/28 7:10 p.m.•8 views

CVE-2021-40412

An OScommand injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 8 the devname variable, that has the value of the name parameter provided through the SetDevName API, is not validated properly. This would lead to an OS command...

9.1CVSS7.5AI score0.27477EPSS

Cvelist•added 2022/01/28 7:10 p.m.•25 views

CVE-2021-40412

9.1CVSS8.1AI score0.27477EPSS

CVE•added 2022/01/28 7:10 p.m.•59 views

CVE-2021-40412

CVE-2021-40412 affects Reolink RLC-410W (firmware around v3.0.0.136_20121102). The root cause is lack of validation in the device network settings APIs (SetDevName, SetDdns, SetLocalLink) which format OS commands using user-controlled inputs (notably devname). This leads to OS command injection v...

9.1CVSS7.2AI score0.27477EPSS

Vulnrichment•added 2022/01/28 7:10 p.m.•4 views

CVE-2021-40410

9.1CVSS7.5AI score0.27876EPSS

Vulnrichment•added 2022/01/28 7:10 p.m.•7 views

CVE-2021-40411

9.1CVSS7.5AI score0.04695EPSS

Cvelist•added 2022/01/28 7:10 p.m.•28 views

CVE-2021-40410

9.1CVSS8.2AI score0.27876EPSS

CVE•added 2022/01/28 7:10 p.m.•62 views

CVE-2021-40410

The connected TALOS report and Red Hat/CNNVD records confirm CVE-2021-40410 affects Reolink RLC-410W (v3.0.0.136_20121102) via multiple OS command injection vectors in device network settings APIs SetDdns, SetLocalLink, and SetDevName. Root cause: unvalidated user-supplied inputs (e.g., dns1, dns...

9.1CVSS7.3AI score0.27876EPSS

CVE•added 2022/01/28 7:10 p.m.•60 views

CVE-2021-40411

The CVE-2021-40411 issue affects Reolink RLC-410W devices (v3.0.0.136_20121102). The user-controlled input dns2 in the SetLocalLink API is not validated, allowing OS command injection when the system builds and executes a command via pip_system. The related SetDdns and SetLocalLink paths (and Set...

9.1CVSS7.2AI score0.04695EPSS

CVE•added 2022/01/28 7:10 p.m.•62 views

CVE-2021-40409

CVE-2021-40409 affects Reolink RLC-410W (v3.0.0.136_20121102). The vulnerability is OS command injection in the device network settings via several APIs (SetDdns, SetLocalLink, SetDevName). The root cause is improper validation of input fields (ddns.password, ddns.domain/username, dns1/dns2, devn...

9.8CVSS9.8AI score0.03657EPSS

Cvelist•added 2022/01/28 7:10 p.m.•20 views

CVE-2021-40409

An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 1 or 2, based on DDNS type, the ddns-password variable, that has the value of the password parameter provided through the SetDdns API, is not validated properly. Th...

Vulnrichment•added 2022/01/28 7:10 p.m.•5 views

CVE-2021-40409

CVE•added 2022/01/28 7:10 p.m.•67 views

CVE-2021-40408

CVE-2021-40408 covers multiple OS command injection flaws in Reolink RLC-410W (v3.0.0.136_20121102) via device network settings APIs SetDdns, SetLocalLink, and SetDevName. The root cause is insufficient validation of user-supplied fields (ddns->username, ddns->domain, dns1/dns2, devname) th...

9.8CVSS9.7AI score0.03657EPSS

Vulnrichment•added 2022/01/28 7:10 p.m.•6 views

CVE-2021-40408

An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 1 or 2, based on DDNS type, the ddns-username variable, that has the value of the userName parameter provided through the SetDdns API, is not validated properly. Th...

Cvelist•added 2022/01/28 7:10 p.m.•17 views

CVE-2021-40408