CVE-2021-40405
Description
A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A denial-of-service vulnerability in Reolink RLC-410W's Upgrade API allows an unauthenticated attacker to reboot the device via a specially crafted HTTP request.
Vulnerability
The vulnerability exists in the cgiserver.cgi Upgrade API functionality of Reolink RLC-410W firmware version v3.0.0.136_20121102. The API checks user permissions but a specially crafted HTTP request can bypass this check, causing the cgiserver.cgi process to kill itself and trigger a device reboot. The issue is classified as CWE-284: Improper Access Control [1].
Exploitation
An attacker can send a specially crafted HTTP request to the Upgrade API endpoint without requiring any authentication or special privileges. The request triggers the permission check failure path, which sets a flag to reboot the device. No user interaction is needed, and the attack can be performed over the network [1].
Impact
Successful exploitation results in a denial of service by causing the device to reboot. The impact is limited to availability (A:H) with no effect on confidentiality or integrity. The CVSSv3 score is 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H) [1].
Mitigation
As of the publication date (2022-04-14), no firmware update has been released to fix this vulnerability. Users should monitor Reolink for updates. The device may be at end of life or unsupported. No workaround is provided in the reference [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (0)
No patches discovered yet.
References (1)
- [1] talosintelligence.com/vulnerability_reports/TALOS-2021-1422 (mitre, x_refsource_MISC)