VYPR
Unrated severity · NVD Advisory · Published Jan 28, 2022 · Updated Apr 15, 2025

CVE-2021-44383

Description

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The reboot occurs when the SetAutoUpgrade param is not an object. An attacker can send an HTTP request to trigger this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The SetAutoUpgrade JSON parser in reolink RLC-410W v3.0.0.136_20121102 allows remote attackers to cause a denial of service via a crafted HTTP request, leading to a device reboot.

Vulnerability

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser of the reolink RLC-410W camera firmware version v3.0.0.136_20121102. The SetAutoUpgrade parameter is not validated to be an object, allowing a specially-crafted HTTP request to trigger a device reboot. The vulnerability is classified under CWE-20 (Improper Input Validation) [1].

Exploitation

An attacker can exploit this vulnerability by sending an HTTP request to the camera's CGI interface with a non-object value for the SetAutoUpgrade parameter. No authentication is required (CVSS:3.0 AV:N/AC:L/PR:N/UI:N). The request causes the cgiserver.cgi process to crash, leading to a reboot of the device [1].

Impact

Successful exploitation results in a denial of service condition via device reboot. There is no impact on confidentiality or integrity, but availability is completely lost until the device restarts [1].

Mitigation

As of the publication date, no official fix or firmware update has been released by reolink to address this vulnerability. Users are advised to monitor vendor advisories and restrict network access to the camera's management interface as a workaround [1].
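One way to enforce the missing check in front of the camera, for example in a reverse proxy or gateway that fronts the management interface. This is an added example, not Reolink's code and not part of the advisory. It assumes the request body is a JSON array of command objects with `cmd` and `param` keys, a layout this page does not state, and it applies the check to every command rather than to SetAutoUpgrade alone.

```python
import json

# Constructed sample bodies (not captured traffic). The "cmd"/"param" array
# layout is an assumption; the inner key of the valid param is a placeholder.
SAMPLE_OK = b'[{"cmd": "SetAutoUpgrade", "param": {"placeholder": 1}}]'
SAMPLE_BAD = b'[{"cmd": "SetAutoUpgrade", "param": "not-an-object"}]'


def validate_cgi_body(body: bytes) -> list[str]:
    """Return the reasons to reject `body`; an empty list means forward it."""
    try:
        doc = json.loads(body)
    except (ValueError, RecursionError):
        # Covers malformed JSON, undecodable bytes and pathological nesting.
        return ["body is not valid JSON"]
    # Assumed layout: an array of command objects; a lone object is tolerated.
    commands = doc if isinstance(doc, list) else [doc]
    problems = []
    for i, entry in enumerate(commands):
        if not isinstance(entry, dict):
            problems.append(f"entry {i}: command is {type(entry).__name__}, not an object")
            continue
        cmd = entry.get("cmd")
        if not isinstance(cmd, str):
            problems.append(f"entry {i}: missing or non-string cmd")
            continue
        # The condition from the description: param present but not an object.
        if "param" in entry and not isinstance(entry["param"], dict):
            kind = type(entry["param"]).__name__
            problems.append(f"entry {i}: {cmd!r} param is {kind}, not an object")
    return problems


if __name__ == "__main__":
    for name, body in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, validate_cgi_body(body) or "forward")
```

A non-empty result is the signal to drop the request and log it before it reaches cgiserver.cgi.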

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • reolink/RLC-410W (source: description)
  • Reolink/RLC-410W (source: llm-fuzzy)
    Range: = v3.0.0.136_20121102

Patches

0

No patches discovered yet.

References

1
