CVE-2021-44360
Description
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNorm param is not object. An attacker can send an HTTP request to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A denial-of-service vulnerability in Reolink RLC-410W cgiserver.cgi allows unauthenticated attackers to cause a device reboot via a malformed SetNorm parameter.
Vulnerability
The vulnerability exists in the JSON command parser of cgiserver.cgi in Reolink RLC-410W firmware version v3.0.0.136_20121102. Specifically, the SetNorm parameter is not validated to be an object, leading to improper input validation (CWE-20) [1]. An attacker can exploit this by sending a specially crafted HTTP request without authentication.
Exploitation
An unauthenticated attacker sends an HTTP request to the cgiserver.cgi endpoint with a malformed SetNorm parameter that is not a JSON object. This triggers a crash of the cgiserver.cgi process, causing the device to reboot [1].
Impact
Successful exploitation results in a denial of service (DoS) as the device reboots, temporarily interrupting its functionality. No data loss or code execution is achieved.
Mitigation
As of the publication date, no fix has been disclosed by the vendor. Users are advised to monitor for firmware updates and restrict network access to the device if possible.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- reolink/RLC-410Wdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- talosintelligence.com/vulnerability_reports/TALOS-2021-1421mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.