CVE-2021-44391
Description
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The condition is triggered when the GetEnc param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A denial of service vulnerability in the Reolink RLC-410W's cgiserver.cgi allows unauthenticated remote attackers to cause a device reboot via a specially crafted HTTP request.
Vulnerability
The vulnerability resides in the JSON command parser of cgiserver.cgi in Reolink RLC-410W firmware version v3.0.0.136_20121102. The GetEnc parameter is not validated as an object, allowing a specially crafted HTTP request to trigger a denial of service condition that kills the cgiserver.cgi process and causes the device to reboot. [1]
Exploitation
An unauthenticated attacker can send a crafted HTTP request to the device's web interface. No authentication or user interaction is required. The request exploits improper input validation (CWE-20) in the JSON parser, specifically when handling the GetEnc parameter. The attack is network-based and can be executed remotely. [1]
Impact
Successful exploitation results in a denial of service, causing the device to reboot. This disrupts the camera's functionality, including video streaming and recording, until the device completes its reboot cycle. The impact is limited to availability; no data confidentiality or integrity is compromised. [1]
Mitigation
As of the publication date (2022-01-28), no official patch has been released by Reolink. Users should monitor vendor advisories for firmware updates. As a workaround, restrict network access to the camera's web interface to trusted networks only. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- reolink/RLC-410W
Patches
No patches discovered yet.
References
[1] talosintelligence.com/vulnerability_reports/TALOS-2021-1421