CVE-2021-44400

Vulnerability

The vulnerability exists in the cgiserver.cgi JSON command parser of Reolink RLC-410W firmware version v3.0.0.136_20121102. The GetPtzPatrol parameter is expected to be an object, but when a non-object value is provided, it triggers a denial of service condition leading to a device reboot. This is an improper input validation issue (CWE-20) [1].

Exploitation

An attacker can send a specially crafted HTTP request to the camera's web interface without any authentication. The request must include a malformed GetPtzPatrol parameter that is not an object. No user interaction or special network position is required beyond network access to the camera [1].

Impact

Successful exploitation causes the cgiserver.cgi process to terminate, resulting in an immediate reboot of the device. This leads to a denial of service, disrupting the camera's surveillance functionality until it restarts. The impact is limited to availability; no data confidentiality or integrity is compromised [1].

Mitigation

As of the publication date (2022-01-28), no firmware update has been released to address this vulnerability. Users should monitor Reolink's official support channels for a patched firmware version. Until a fix is available, restricting network access to the camera to trusted hosts only can reduce the attack surface [1].