VYPR
Unrated severity · NVD Advisory · Published Jan 28, 2022 · Updated Apr 15, 2025

CVE-2021-44393

Description

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetIsp param is not object. An attacker can send an HTTP request to trigger this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Improper input validation in reolink RLC-410W cgiserver.cgi allows unauthenticated attackers to cause denial of service via device reboot.

Vulnerability

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser of reolink RLC-410W firmware version v3.0.0.136_20121102. The parser does not check that the param value of the GetIsp command is a JSON object, and the process crashes when a specially-crafted HTTP request is processed. This issue is classified as CWE-20 (Improper Input Validation) [1].

Exploitation

An attacker can exploit this vulnerability by sending a specially-crafted HTTP request to the device's cgiserver.cgi endpoint. No authentication is required (CVSSv3: AV:N/AC:L/PR:N/UI:N). The malformed request causes the cgiserver.cgi process to terminate, which triggers a system reboot [1].

Impact

Successful exploitation results in a denial of service condition where the device reboots unexpectedly, temporarily interrupting its functionality. No sensitive data is exposed, and no further compromise beyond availability is achieved [1].

Mitigation

As of the publication date, no fix has been released by reolink. The vendor was contacted but did not respond [1]. Users may mitigate by restricting network access to the device (e.g., firewall rules) until a firmware update becomes available.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • reolink/RLC-410W (description)
  • Reolink/RLC-410W (llm-fuzzy)
    Range: = 3.0.0.136_20121102

Patches

No patches discovered yet.

References

1
