VYPR
Unrated severity · NVD Advisory · Published Jan 28, 2022 · Updated Apr 15, 2025

CVE-2021-44376

Description

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetIsp param is not object. An attacker can send an HTTP request to trigger this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A DoS vulnerability in Reolink RLC-410W cgiserver.cgi allows an unauthenticated attacker to reboot the device via a crafted HTTP request.

Vulnerability

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser of the Reolink RLC-410W wireless security camera running firmware version v3.0.0.136_20121102. The SetIsp parameter is not validated as an object, allowing a specially crafted HTTP request to trigger a reboot of the device. This affects the JSON command parser functionality, which is reachable without authentication [1].

Exploitation

An attacker can exploit this vulnerability by sending a malicious HTTP request to the camera's cgiserver.cgi endpoint with a malformed SetIsp parameter that is not an object. No authentication is required and the attack can be performed over the network. The request causes the cgiserver.cgi process to crash, leading to an immediate reboot of the device [1].

Impact

Successful exploitation results in a denial of service condition, causing the camera to reboot and become temporarily unavailable. This can interrupt surveillance operations and require manual intervention if the device fails to recover properly. No data confidentiality or integrity impact is expected, but the availability impact is high as the device becomes non-functional during the reboot cycle [1].

Mitigation

As of the publication date, no fixed firmware version has been released by Reolink. Users should monitor the vendor's support site for future updates. Until a patch is available, restricting network access to the camera's web interface and placing the device behind a firewall can help reduce the attack surface. The vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog [1].
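An added example, not code from Reolink or from the advisory: a request-body check that a filtering reverse proxy placed in front of the camera could apply, rejecting any command whose param is not a JSON object before it reaches cgiserver.cgi. It assumes the body is a JSON array of command objects with "cmd" and "param" keys, a layout this page does not spell out; the function name, command limit and sample bodies are constructed for illustration.

```python
import json

MAX_COMMANDS = 16  # arbitrary ceiling chosen for this example


def _reject_duplicate_keys(pairs):
    # Parsers disagree on which duplicate key wins, so a filter that sees the
    # last "param" while the device sees the first would be bypassed.
    keys = [key for key, _ in pairs]
    if len(keys) != len(set(keys)):
        raise ValueError("duplicate key in object")
    return dict(pairs)


def check_command_body(raw: bytes):
    """Return (allowed, reason) for one HTTP request body."""
    try:
        doc = json.loads(raw.decode("utf-8"), object_pairs_hook=_reject_duplicate_keys)
    except (UnicodeDecodeError, ValueError, RecursionError) as exc:
        return False, f"unparseable body: {exc.__class__.__name__}"
    if not isinstance(doc, list) or not 0 < len(doc) <= MAX_COMMANDS:
        return False, "body must be an array of 1..%d commands" % MAX_COMMANDS
    for index, entry in enumerate(doc):
        if not isinstance(entry, dict):
            return False, f"entry {index} is not an object"
        cmd = entry.get("cmd")
        if not isinstance(cmd, str) or not cmd:
            return False, f"entry {index} has no command name"
        if "param" not in entry:
            # Assumed policy: Set* commands must carry a param object.
            if cmd.startswith("Set"):
                return False, f"{cmd}: param is missing"
            continue
        if not isinstance(entry["param"], dict):
            kind = type(entry["param"]).__name__
            return False, f"{cmd}: param is {kind}, expected object"
    return True, "ok"


# Constructed sample bodies, not captured traffic.
WELL_FORMED = b'[{"cmd": "SetIsp", "param": {"example": 1}}]'
PARAM_NOT_OBJECT = b'[{"cmd": "SetIsp", "param": "example"}]'
DUPLICATE_PARAM = b'[{"cmd": "SetIsp", "param": "example", "param": {}}]'

if __name__ == "__main__":
    for body in (WELL_FORMED, PARAM_NOT_OBJECT, DUPLICATE_PARAM):
        print(body.decode(), "->", check_command_body(body))
```

Logging the rejection reason alongside the client address gives a detection signal for probing of this parser.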

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • reolink/RLC-410W (source: description)
  • Reolink/RLC-410W (source: llm-fuzzy)
    Range: = v3.0.0.136_20121102

Patches

0

No patches discovered yet.

References

1
