Rlc-410w Firmware Security Vulnerabilities and Issues — Rlc-410w Firmware CVE List

Lucene search

ReolinkRlc-410w Firmware

7 matches found

cve•added 2022/01/28 8:15 p.m.•51 views

CVE-2021-40413

An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The UpgradePrepare is the API that checks if a provided filename identifies a new version of the RLC-410W firmware. If the version is new, it would be p...

7.1CVSS6.8AI score0.00207EPSS

cve•added 2022/01/28 8:15 p.m.•51 views

CVE-2021-40415

An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. In cgi_check_ability the Format API does not have a specific case, the user permission will default to 7. This will give non-administrative users the po...

7.1CVSS6.3AI score0.00275EPSS

cve•added 2022/01/28 8:15 p.m.•47 views

CVE-2022-21199

An information disclosure vulnerability exists due to the hardcoded TLS key of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

7.5CVSS5.3AI score0.0026EPSS

cve•added 2022/01/28 8:15 p.m.•46 views

CVE-2021-40414

An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The SetMdAlarm API sets the movement detection parameters, giving the ability to set the sensitivity of the camera per a range of hours, and which of th...

7.1CVSS6.7AI score0.00207EPSS

cve•added 2022/01/28 8:15 p.m.•45 views

CVE-2021-40406

A denial of service vulnerability exists in the cgiserver.cgi session creation functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to prevent users from logging in. An attacker can send an HTTP request to trigger this vulnerability.

7.8CVSS7.3AI score0.00616EPSS

cve•added 2022/01/28 8:15 p.m.•45 views

CVE-2021-40423

A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of HTTP requests can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

7.8CVSS7.4AI score0.00271EPSS

cve•added 2022/04/14 8:15 p.m.•38 views

CVE-2021-40405

A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.

7.7CVSS6.3AI score0.00141EPSS