CVE-2021-44359
Description
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetCrop param is not object. An attacker can send an HTTP request to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A specially-crafted HTTP request to the JSON command parser of Reolink RLC-410W v3.0.0.136_20121102 causes a denial of service via device reboot.
Vulnerability
The vulnerability exists in the cgiserver.cgi JSON command parser of the Reolink RLC-410W WiFi security camera, firmware version v3.0.0.136_20121102. The parser uses the param member of a SetCrop command without first checking that it is a JSON object, an input validation failure (CWE-20). A specially-crafted HTTP request carrying a non-object param therefore triggers a reboot of the device [1].
Exploitation
An attacker exploits this by sending a crafted HTTP request to the camera's JSON command API; no authentication is required. Because the SetCrop param is consumed without a type check, the cgiserver.cgi process crashes and the device reboots [1]. No user interaction or special network position is needed; the only prerequisite is network reachability of the camera's HTTP interface.
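The missing check described in the two paragraphs above, shown as an added illustration in Python rather than the camera's own firmware code: a handler that indexes into param without checking its type, beside a parser that type-checks every command before any handler runs. The request bodies are constructed here, and the contents of the SetCrop param object (a Crop object with a channel field) are an assumption, not taken from the advisory.

```python
import json
from typing import Any

# Constructed sample bodies (not captured from a device). Commands are sent as a
# JSON array of {"cmd": ..., "param": {...}} objects; the inner shape of the
# SetCrop param object used here is an assumption for the illustration.
WELL_FORMED = '[{"cmd": "SetCrop", "action": 0, "param": {"Crop": {"channel": 0}}}]'
PARAM_IS_STRING = '[{"cmd": "SetCrop", "action": 0, "param": "0"}]'
PARAM_IS_LIST = '[{"cmd": "SetCrop", "action": 0, "param": [0]}]'
PARAM_IS_NULL = '[{"cmd": "SetCrop", "action": 0, "param": null}]'


def unchecked_handle(body: str) -> int:
    """Models the failure class: the handler assumes "param" is an object and
    indexes into it. A string, list or null param raises TypeError here, the
    analogue of the native handler crashing and taking the device down."""
    cmd = json.loads(body)[0]
    return cmd["param"]["Crop"]["channel"]


class CommandError(ValueError):
    """A request that must be rejected with a 4xx response, never executed."""


def validate_commands(body: str, allowed: frozenset[str]) -> list[dict[str, Any]]:
    """Parse and type-check a command array once, before dispatch, so that no
    handler has to trust the shape of its input."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as e:
        raise CommandError(f"invalid JSON: {e.msg}") from None
    if not isinstance(doc, list) or not doc:
        raise CommandError("body must be a non-empty JSON array")
    for i, cmd in enumerate(doc):
        if not isinstance(cmd, dict):
            raise CommandError(f"command {i}: entry is not an object")
        name = cmd.get("cmd")
        if not isinstance(name, str) or name not in allowed:
            raise CommandError(f"command {i}: unknown or non-string cmd")
        # The check the advisory says is missing: param must be a JSON object.
        if "param" in cmd and not isinstance(cmd["param"], dict):
            raise CommandError(f"command {i} ({name}): param is not an object")
    return doc


def checked_handle(body: str) -> tuple[int, str]:
    """Validate first, then dispatch. A malformed request yields a 400-style
    result instead of an exception escaping into the CGI process."""
    try:
        cmds = validate_commands(body, frozenset({"SetCrop"}))
    except CommandError as e:
        return 400, str(e)
    crop = cmds[0].get("param", {}).get("Crop")
    if not isinstance(crop, dict) or not isinstance(crop.get("channel"), int):
        return 400, "SetCrop: Crop.channel must be an integer"
    return 200, f"SetCrop applied to channel {crop['channel']}"


if __name__ == "__main__":
    for label, body in [("well-formed", WELL_FORMED), ("string", PARAM_IS_STRING),
                        ("list", PARAM_IS_LIST), ("null", PARAM_IS_NULL)]:
        print(label, "->", checked_handle(body))
```

The point of the validator is that the type of every member is checked in one place, before any command-specific code touches it; the per-command handler then only has to check the fields it owns (here Crop.channel), and a request that fails either check is answered, not executed.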
Impact
Successful exploitation causes a denial of service: the device reboots and the camera is unavailable until it comes back up. The attacker gains no code execution and no access to data; the impact is confined to availability. The CVSSv3 score is 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H): network attack vector, no privileges required, and a changed scope because a crash in one CGI process takes down the whole device [1].
Mitigation
As of the publication date (2022-01-28), no patched firmware version had been released for this vulnerability [1]. Users should watch the vendor's support channels for a fixed firmware. Until one is available, do not expose the camera's HTTP interface to untrusted networks: place the device on a segregated network segment and allow access to its web interface only from the hosts that need it. The vulnerability is not currently listed in the CISA KEV catalog.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- reolink/RLC-410W (from the CVE description)
Patches
No patches discovered yet.
References
[1] https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421