CVE-2021-44385

Vulnerability

The vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W firmware version v3.0.0.136_20121102. The SetPtzSerial parameter is not properly validated as an object, leading to improper input validation (CWE-20). A specially-crafted HTTP request can cause the cgiserver.cgi process to crash, resulting in a device reboot. [1]

Exploitation

An attacker can exploit this vulnerability by sending a malicious HTTP request without requiring authentication. The attacker does not need any prior access or user interaction. The request triggers a parsing error in the JSON command parser, killing the cgiserver.cgi process and causing the device to reboot. [1]

Impact

Successful exploitation results in a denial of service (DoS) condition as the device reboots. The impact is confined to availability (CIA: availability only) with no impact on confidentiality or integrity. The CVSSv3 score is 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). [1]

Mitigation

As of the publication date (2022-01-28), no official patch has been disclosed by reolink. Users are advised to monitor vendor advisories for firmware updates. The device may be listed in the CISA Known Exploited Vulnerabilities (KEV) catalog if applicable. [1]