CVE-2021-40409
Description
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], depending on the DDNS type, the ddns->password variable, which holds the value of the password parameter supplied through the SetDdns API, is not validated properly. This leads to an OS command injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An OS command injection vulnerability in Reolink RLC-410W's SetDdns API allows authenticated attackers to execute arbitrary commands via the password parameter.
Vulnerability
An OS command injection vulnerability exists in the device network settings functionality of Reolink RLC-410W v3.0.0.136_20121102. The SetDdns API processes the password parameter without proper validation, leading to command injection in the set_dds_config function. The affected parameter is password within the DDNS settings [1].
Exploitation
An attacker must have high privileges (authenticated access to the camera's API) and network connectivity. They send a specially crafted HTTP request to the SetDdns API with a malicious payload in the password field. When the device applies the DDNS settings, the injected command is executed [1].
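The bug class described above, as an added Python illustration that is not Reolink firmware code: the 'before' pattern pastes the SetDdns fields into one shell command line, while the hardened form validates each field and passes them to the updater as an argv list with no shell involved. The updater path, its flags and the DDNS type names are assumptions made for the example.

```python
import re
import shlex

# Constructed illustration of the bug class in the advisory; it is not
# Reolink firmware code. The updater path, its flags and the DDNS type
# names are assumptions made for the example.
DDNS_UPDATER = "/usr/bin/ddns-update"      # hypothetical helper binary
ALLOWED_DDNS_TYPES = {"dyndns", "noip"}    # hypothetical type identifiers


def build_ddns_command_unsafe(ddns_type, domain, username, password):
    """'Before' pattern: the SetDdns fields are pasted into one shell
    command line. The shell re-parses this string, so whitespace and
    shell operators inside `password` change what gets executed."""
    return (f"{DDNS_UPDATER} --type {ddns_type} --domain {domain} "
            f"--user {username} --pass {password}")


def tokens_as_seen_by_shell(command_line):
    """Split a command line the way a POSIX shell would, treating operator
    characters such as ';', '|' and '&' as separate words."""
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def validate_ddns_settings(ddns_type, domain, username, password):
    """Reject SetDdns input the updater should never see. Passwords may
    legitimately contain punctuation, so they get a length cap and a ban
    on control characters rather than a character whitelist."""
    if ddns_type not in ALLOWED_DDNS_TYPES:
        raise ValueError("unknown DDNS type")
    if not re.fullmatch(r"[A-Za-z0-9.-]{1,253}", domain):
        raise ValueError("invalid domain")
    if not re.fullmatch(r"[A-Za-z0-9_.@-]{1,64}", username):
        raise ValueError("invalid username")
    if not 1 <= len(password) <= 64 or any(ord(c) < 32 or ord(c) == 127 for c in password):
        raise ValueError("invalid password")


def build_ddns_command_safe(ddns_type, domain, username, password):
    """Hardened form: validate first, then hand the updater an argv list
    (run it with subprocess.run(argv), never through a shell). Each field
    is exactly one argument no matter what characters it contains."""
    validate_ddns_settings(ddns_type, domain, username, password)
    return [DDNS_UPDATER, "--type", ddns_type, "--domain", domain,
            "--user", username, "--pass", password]
```

With a password containing a space, the unsafe string is re-split by the shell into extra words, whereas the argv list keeps it as a single argument; shell operators would be reinterpreted in the same way.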
Impact
Successful exploitation leads to arbitrary OS command execution with root privileges, resulting in full compromise of confidentiality, integrity, and availability. The CVSSv3 score is 9.1 (Critical) [1].
Mitigation
As of the report date, no official patch was available. Users should monitor vendor updates for a fixed firmware version. Restricting network access to the API can reduce risk. The vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- reolink/RLC-410W
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- talosintelligence.com/vulnerability_reports/TALOS-2021-1424 (MITRE, x_refsource_MISC)
News mentions
No linked articles in our index yet.