VYPR
Unrated severity · NVD Advisory · Published Apr 14, 2022 · Updated Apr 15, 2025

CVE-2021-44355

Description

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Multiple denial of service vulnerabilities in Reolink RLC-410W's cgiserver.cgi allow unauthenticated remote attackers to cause a device reboot via a specially crafted HTTP request.

Vulnerability

The vulnerability resides in the JSON command parser of cgiserver.cgi in Reolink RLC-410W firmware version v3.0.0.136_20121102. Improper input validation (CWE-20) allows a specially crafted HTTP request to kill the cgiserver.cgi process, leading to a device reboot. The API intended for administrator-initiated reboot is reachable without proper authentication [1].

Exploitation

An attacker can send a crafted HTTP request to the device over the network without any authentication or user interaction. The request triggers the vulnerability in the JSON parser, causing the cgiserver.cgi process to crash and the device to reboot [1].

Impact

Successful exploitation results in denial of service (device reboot), causing temporary loss of surveillance functionality. Availability impact is high, with no confidentiality or integrity impact. The CVSSv3 score is 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) [1].

Mitigation

As of the advisory publication date (2022-04-14), no fixed version was available. Users should monitor Reolink for firmware updates. The device may be vulnerable to other similar CVEs listed in the same advisory. No workaround is mentioned, and the vulnerability is not listed on CISA KEV [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Reolink/RLC-410W (llm-fuzzy, 2 versions)
    • (no CPE) range: = 3.0.0.136_20121102
    • (no CPE) range: v3.0.0.136_20121102

Patches

0

No patches discovered yet.

References

1
