VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 28, 2022· Updated Apr 15, 2025

CVE-2021-44367

CVE-2021-44367

Description

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetUpnp param is not object. An attacker can send an HTTP request to trigger this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A denial of service vulnerability in Reolink RLC-410W's cgiserver.cgi allows unauthenticated remote attackers to reboot the device via a crafted HTTP request.

Vulnerability

The vulnerability resides in the JSON command parser of cgiserver.cgi in Reolink RLC-410W firmware version v3.0.0.136_20121102. The SetUpnp parameter is not validated as an object, leading to improper input validation (CWE-20). A specially-crafted HTTP request can cause the cgiserver.cgi process to crash, resulting in a device reboot. [1]

Exploitation

An attacker can send an HTTP request without authentication, as the vulnerable API is accessible without proper authorization. The request must include a malformed SetUpnp parameter that is not an object. No user interaction is required, and the attack is performed over the network. [1]

Impact

Successful exploitation causes the device to reboot, resulting in a denial of service. The impact is high availability loss, with no confidentiality or integrity impact. The CVSS score is 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). [1]

Mitigation

As of the advisory publication date (2022-01-28), no fix has been released. Users should monitor Reolink for firmware updates. The device may be vulnerable to other similar issues listed in TALOS-2021-1421. [1]

References
  1. TALOS-2021-1421 || Cisco Talos Intelligence Group

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • reolink/RLC-410Wdescription
  • Reolink/RLC-410Wllm-fuzzy
    Range: = 3.0.0.136_20121102

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.