CVE-2021-44386
Description
A denial-of-service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially crafted HTTP request can lead to a reboot. The issue is triggered when the SetPtzPatrol param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A denial of service vulnerability in Reolink RLC-410W allows unauthenticated remote attackers to reboot the device via a crafted HTTP request.
Vulnerability
The vulnerability resides in the cgiserver.cgi JSON command parser of the Reolink RLC-410W camera firmware version v3.0.0.136_20121102. The SetPtzPatrol parameter is not validated to be an object, leading to improper input validation (CWE-20). A specially-crafted HTTP request can cause the cgiserver.cgi process to crash, resulting in a device reboot [1].
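The type check whose absence is described above, as an added Python illustration (not Reolink firmware code and not taken from the Talos advisory). The request shape, a JSON array of objects with "cmd" and "param" keys, and the names check_commands, handle and OBJECT_PARAM_COMMANDS are assumptions.

```python
import json

# Commands whose "param" must be a JSON object. Only the command named in
# this CVE is listed here.
OBJECT_PARAM_COMMANDS = {"SetPtzPatrol"}

def check_commands(body: bytes) -> list:
    """Parse a request body and return its command list, or raise ValueError.

    Assumed body shape (not shown on this page): a JSON array of objects,
    each with a string "cmd" and a "param" value.
    """
    try:
        doc = json.loads(body)
    except RecursionError:
        raise ValueError("JSON nesting too deep") from None
    # json.JSONDecodeError and UnicodeDecodeError are ValueError subclasses,
    # so malformed or undecodable bodies already propagate as ValueError.
    if not isinstance(doc, list):
        raise ValueError("top level must be an array of commands")
    for i, entry in enumerate(doc):
        if not isinstance(entry, dict):
            raise ValueError(f"command {i}: entry must be an object")
        cmd = entry.get("cmd")
        if not isinstance(cmd, str):
            raise ValueError(f"command {i}: cmd must be a string")
        # The missing check: a string, number, array, null or absent param is
        # rejected here, before any handler treats it as an object.
        if cmd in OBJECT_PARAM_COMMANDS and not isinstance(entry.get("param"), dict):
            raise ValueError(f"command {i} ({cmd}): param must be an object")
    return doc

def handle(body: bytes) -> tuple:
    """Return (status, detail): 400 on a shape error instead of a crash."""
    try:
        return 200, f"{len(check_commands(body))} command(s) accepted"
    except ValueError as exc:
        return 400, str(exc)

# Constructed sample bodies (the param contents are placeholders).
SAMPLES = [
    b'[{"cmd": "SetPtzPatrol", "param": {"placeholder": 1}}]',
    b'[{"cmd": "SetPtzPatrol", "param": "text"}]',
    b'[{"cmd": "SetPtzPatrol", "param": [1, 2]}]',
    b'[{"cmd": "SetPtzPatrol"}]',
    b'{"cmd": "SetPtzPatrol"',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(handle(sample), sample.decode())
```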
Exploitation
An attacker can send an unauthenticated HTTP request (CVSS:3.0/AV:N/AC:L/PR:N) to the vulnerable endpoint. The request includes a malformed JSON payload where the SetPtzPatrol parameter is not an object. This triggers the vulnerability, killing the cgiserver.cgi process and forcing the device to reboot [1].
Impact
Successful exploitation results in a denial of service (reboot) of the camera. The device becomes temporarily unavailable until the reboot cycle completes. There is no impact on confidentiality or integrity, but availability is fully compromised [1].
Mitigation
As of the advisory publication date (2022-01-28), no firmware patch was available. Users should monitor the vendor for updates. As a workaround, restrict network access to the camera's web interface to trusted networks only [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- reolink/RLC-410W
Patches
No patches discovered yet.
References
[1] talosintelligence.com/vulnerability_reports/TALOS-2021-1421 (mitre, x_refsource_MISC)