CVE-2021-44364

Vulnerability

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W WiFi security camera firmware version v3.0.0.136_20121102. The specific issue is an improper input validation (CWE-20) in the SetWifi parameter handling, where the parser expects an object but receives a non-object type. This flaw can be triggered by a specially craft HTTP request targeting the JSON command interface.

Exploitation

An attacker can exploit this vulnerability without any authentication or prior access to the device. By sending a crafted HTTP request with a malformed JSON payload (specifically where the SetWifi parameter is not an object) to the camera's cgiserver.cgi endpoint, the attacker causes the process to crash, leading to a device reboot. No user interaction or special network position is required beyond network connectivity to the camera's web interface.

Impact

A successful exploit forces the camera to reboot, causing a denial of service (DoS). The device becomes temporarily unavailable, interrupting its surveillance and recording functions. The impact is limited to availability (CIA triad), with no direct information disclosure or code execution. The CVSSv3 score is 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H), indicating high severity due to the low attack complexity and no authentication requirement.

Mitigation

As of the published date (2022-01-28), the advisory from Cisco Talos [1] confirms the vulnerability in firmware version v3.0.0.136_20121102. No fixed firmware version has been announced in the available references. Users should monitor vendor updates for patched firmware and apply it when released. In the interim, restricting network access to the camera's web interface from untrusted networks (e.g., via firewall rules) can reduce exposure.