VYPR
Unrated severity · NVD Advisory · Published Jan 28, 2022 · Updated Apr 15, 2025

CVE-2021-44373

Description

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially crafted HTTP request can lead to a reboot. The vulnerability is triggered when the SetAutoFocus param is not an object. An attacker can send an HTTP request to trigger this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A denial of service vulnerability in Reolink RLC-410W cameras allows unauthenticated remote attackers to reboot the device via a specially crafted HTTP request.

Vulnerability

The cgiserver.cgi JSON command parser in Reolink RLC-410W firmware version v3.0.0.136_20121102 does not properly validate the SetAutoFocus parameter when it is not an object. This improper input validation (CWE-20) allows a specially crafted HTTP request to crash the cgiserver.cgi process, resulting in a device reboot. [1]

Exploitation

An unauthenticated attacker with network access to the device can send a crafted HTTP request with a malformed SetAutoFocus parameter (e.g., a non-object value) to the vulnerable endpoint. No authentication or user interaction is required, and the attack can be executed remotely over the network. [1]

Impact

Successful exploitation causes the cgiserver.cgi process to terminate, leading to an immediate reboot of the camera. This results in a denial of service, rendering the device temporarily unavailable. No confidentiality or integrity impact is involved; only availability is affected. [1]

Mitigation

As of the publication date of this advisory (2022-01-28), no official fix or firmware update has been disclosed by Reolink for this vulnerability. Users are advised to monitor vendor security advisories for a patch. If possible, restrict network access to the camera to trusted networks only. [1]

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
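
A check of the kind the Vulnerability section says is missing, written as a filter that a proxy in front of the camera could apply before forwarding a request. This is an added example, not part of the advisory or Reolink's code; the JSON layout (an array of objects with `cmd` and `param` keys) and the names `check_command_body`, `OBJECT_PARAM_CMDS` and `MAX_BODY_BYTES` are assumptions.

```python
import json

# Assumption: a request body is a JSON array of command objects with "cmd" and
# "param" keys. The advisory does not show the layout; adapt to real traffic.
OBJECT_PARAM_CMDS = {"SetAutoFocus"}   # the only command this advisory names
MAX_BODY_BYTES = 64 * 1024             # arbitrary cap chosen for this example


def check_command_body(raw: bytes) -> list[str]:
    """Return rejection reasons; an empty list means the body may be forwarded."""
    if len(raw) > MAX_BODY_BYTES:
        return ["body too large"]
    try:
        doc = json.loads(raw.decode("utf-8"))
    except (ValueError, RecursionError) as exc:
        # ValueError covers bad UTF-8 and bad JSON; RecursionError covers
        # pathologically deep nesting.
        return [f"not parseable as JSON ({type(exc).__name__})"]
    if not isinstance(doc, list):
        return ["top level is not an array of commands"]
    problems = []
    for i, entry in enumerate(doc):
        if not isinstance(entry, dict):
            problems.append(f"command {i}: not an object")
            continue
        cmd = entry.get("cmd")
        if not isinstance(cmd, str):
            problems.append(f"command {i}: 'cmd' missing or not a string")
            continue
        # Fail closed: a missing param is treated like a non-object param.
        param = entry.get("param")
        if cmd in OBJECT_PARAM_CMDS and not isinstance(param, dict):
            problems.append(
                f"command {i} ({cmd}): 'param' is {type(param).__name__}, not an object")
    return problems


if __name__ == "__main__":
    # Constructed sample bodies, not captured traffic.
    for body in (b'[{"cmd": "SetAutoFocus", "param": {}}]',
                 b'[{"cmd": "SetAutoFocus", "param": "x"}]'):
        print(body, "->", check_command_body(body) or "forward")
```

A rejected body should be answered by the proxy itself and logged with the client address, so repeated attempts against the camera are visible.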

Affected products

2
  • reolink/RLC-410W (description)
  • Reolink/RLC-410W (llm-fuzzy)
    Range: = 3.0.0.136_20121102

Patches

0

No patches discovered yet.

References

1