CVE-2021-44388
Description
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Login param is not object. An attacker can send an HTTP request to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A denial of service vulnerability in Reolink RLC-410W cgiserver.cgi allows unauthenticated remote attackers to reboot the device via a crafted HTTP request.
Vulnerability
The vulnerability exists in the JSON command parser of cgiserver.cgi in Reolink RLC-410W firmware v3.0.0.136_20121102. The parser does not properly validate the login parameter when it is not an object, leading to a crash of the cgiserver.cgi process and subsequent device reboot. [1]
Exploitation
An attacker can send a specially-crafted HTTP request to the camera's web interface without any authentication. The request must include a malformed JSON payload where the login parameter is not an object (e.g., a string or integer). This triggers the vulnerability, causing the cgiserver.cgi process to terminate and the device to reboot. [1]
Impact
Successful exploitation results in a denial of service (DoS) condition, causing the camera to reboot and become temporarily unavailable. The impact is limited to availability; no data confidentiality or integrity is compromised. The CVSSv3 score is 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). [1]
Mitigation
As of the publication date (2022-01-28), no official patch has been released by Reolink. Users should monitor the vendor's website for firmware updates. The device is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- reolink/RLC-410W (description)
Patches
No patches discovered yet.
References
[1] talosintelligence.com/vulnerability_reports/TALOS-2021-1421 (mitre, x_refsource_MISC)