CVE-2021-44361
Description
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Set3G param is not object. An attacker can send an HTTP request to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A denial of service vulnerability in reolink RLC-410W firmware v3.0.0.136_20121102 allows unauthenticated remote attackers to reboot the device via a specially-crafted HTTP request to cgiserver.cgi.
Vulnerability
The vulnerability resides in the JSON command parser of cgiserver.cgi on reolink RLC-410W cameras running firmware version 3.0.0.136_20121102. The Set3G parameter is improperly validated when it is not an object, leading to a crash of the cgiserver.cgi process and subsequent device reboot. No authentication is required to exploit this issue [1].
Exploitation
An attacker can send a specially-crafted HTTP request to the camera's web interface without any prior authentication. The request triggers the vulnerable code path when parsing the Set3G JSON parameter. No user interaction is needed [1].
Impact
Successful exploitation causes the cgiserver.cgi process to terminate, resulting in a denial of service condition as the device reboots. The impact is limited to availability; confidentiality and integrity are not affected [1].
Mitigation
As of the publication date, no firmware update has been released to address this vulnerability. Users should monitor the vendor's advisory for patches. Limiting network access to the camera can reduce exposure [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- reolink/RLC-410Wdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- talosintelligence.com/vulnerability_reports/TALOS-2021-1421mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.