CVE-2021-44357
Description
Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Multiple denial of service vulnerabilities in Reolink RLC-410W's cgiserver.cgi allow unauthenticated remote attackers to cause a device reboot via crafted HTTP requests.
Vulnerability
The vulnerability resides in the JSON command parser of the cgiserver.cgi process in Reolink RLC-410W firmware version v3.0.0.136_20121102. Improper input validation (CWE-20) allows a specially-crafted HTTP request to crash the cgiserver.cgi process, leading to an immediate device reboot [1].
Exploitation
An unauthenticated attacker can send a crafted HTTP request to the device over the network. No user interaction or prior authentication is required. The request triggers a parsing error that kills the cgiserver.cgi process, causing the device to reboot [1].
Impact
Successful exploitation results in a denial of service (DoS) through device reboot. The availability of the camera is disrupted until the reboot completes. There is no impact on confidentiality or integrity [1].
Mitigation
As of the publication date (2022-04-14), no fixed firmware version has been disclosed in the available references. Users should monitor the vendor's advisory for updates. No workaround is provided [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- talosintelligence.com/vulnerability_reports/TALOS-2021-1421mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.