CVE-2021-44379
Description
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetAutoMaint param is not object. An attacker can send an HTTP request to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A denial-of-service vulnerability in reolink RLC-410W camera's cgiserver.cgi allows unauthenticated attackers to cause a reboot via a crafted HTTP request.
Vulnerability
The vulnerability exists in the cgiserver.cgi JSON command parser of the reolink RLC-410W WiFi security camera running firmware version v3.0.0.136_20121102. Specifically, the SetAutoMaint parameter is expected to be an object, but the parser does not validate this, allowing a specially-crafted HTTP request to trigger a reboot [1].
Exploitation
An attacker can exploit this vulnerability by sending a crafted HTTP request to the camera's CGI interface without requiring authentication. No user interaction is needed; the attacker only needs network access to the device.
Impact
Successful exploitation causes the cgiserver.cgi process to crash, resulting in a device reboot. This is a denial-of-service condition that disrupts the camera's operation until it restarts.
Mitigation
As of the publication date (2022-01-28), no firmware update has been released to address this vulnerability. Users should monitor the vendor's website for patches. If not needed for remote access, firewalling the camera's web interface can reduce exposure.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- reolink/RLC-410Wdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- talosintelligence.com/vulnerability_reports/TALOS-2021-1421mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.