CVE-2021-44403

Vulnerability

The vulnerability exists in the cgiserver.cgi JSON command parser of the Reolink RLC-410W wireless IP camera (version v3.0.0.136_20121102). When parsing the GetPtzTattern parameter, the code fails to properly validate that the parameter is an object, leading to a crash. An unauthenticated attacker can send a specially crafted HTTP request to trigger this condition [1].

Exploitation

An attacker can exploit this vulnerability by sending an HTTP request to the camera's web interface with a malformed JSON payload where the GetPtzTattern parameter is not an object (e.g., a string or integer). No authentication is required, and the attack can be launched remotely over the network. The request causes the cgiserver.cgi process to terminate, resulting in an immediate reboot of the device [1].

Impact

Successful exploitation causes a denial of service (DoS) as the camera reboots. This disrupts video surveillance and other functionality until the device starts up again. Confidentiality and integrity are not affected, but availability is compromised. The CVSSv3 score is 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) [1].

Mitigation

As of the publication date (January 28, 2022), no official fix or patched firmware version has been released by Reolink. Affected users should monitor vendor updates for a fix. In the interim, network segmentation or restricting access to the camera's web interface can reduce exposure [1].