VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 28, 2022· Updated Apr 15, 2025

CVE-2021-44401

CVE-2021-44401

Description

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. PtzCtrl param is not object. An attacker can send an HTTP request to trigger this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A denial of service vulnerability in Reolink RLC-410W cameras allows an unauthenticated attacker to cause a device reboot via a specially-crafted HTTP request.

Vulnerability

The vulnerability exists in the cgiserver.cgi JSON command parser of Reolink RLC-410W firmware version v3.0.0.136_20121102. The PtzCtrl parameter is not validated as an object, leading to improper input validation (CWE-20)[1]. A specially-crafted HTTP request can kill the cgiserver.cgi process, resulting in a device reboot.

Exploitation

An attacker can exploit this vulnerability by sending a crafted HTTP request to the camera's web interface. No authentication or user interaction is required. The request triggers the invalid PtzCtrl parameter, causing the cgiserver.cgi process to terminate and the device to reboot[1].

Impact

Successful exploitation leads to a denial of service through device reboot, affecting availability (CIA: None/None/High). The CVSSv3 score is 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)[1].

Mitigation

As of the advisory publication date (2022-01-28), no official fix or workaround has been disclosed by Reolink. Users should monitor vendor updates for a patched firmware version[1].

References
  1. TALOS-2021-1421 || Cisco Talos Intelligence Group

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • reolink/RLC-410Wdescription
  • Reolink/RLC-410Wllm-fuzzy
    Range: = v3.0.0.136_20121102

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.