VYPR
Unrated severity · NVD Advisory · Published Jan 28, 2022 · Updated Apr 15, 2025

CVE-2021-44408

Description

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially crafted HTTP request can lead to a reboot. The issue is triggered when the TestFtp param is not an object. An attacker can send an HTTP request to trigger this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A denial of service vulnerability in the Reolink RLC-410W camera allows unauthenticated attackers to cause a device reboot via a crafted HTTP request.

Vulnerability

The cgiserver.cgi JSON command parser in Reolink RLC-410W v3.0.0.136_20121102 fails to properly validate the TestFtp parameter: it expects an object but does not enforce that type. This allows a specially crafted HTTP request to crash the cgiserver.cgi process, leading to a device reboot [1].

Exploitation

An attacker can send an HTTP request to the vulnerable API endpoint without any authentication. The request must include a JSON payload where the TestFtp parameter is not an object (e.g., a string or array). Because the type is not validated, the parser crashes (a NULL pointer dereference or similar), resulting in an immediate reboot [1].

Impact

Successful exploitation causes a denial of service by rebooting the device. The camera becomes temporarily unavailable, disrupting surveillance functions. No data confidentiality or integrity is affected [1].

Mitigation

The referenced Talos advisory does not provide a vendor fix or workaround. Users should contact Reolink for a firmware update that addresses this issue. Until then, restrict network access to the camera to trusted hosts only [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • reolink/RLC-410W (source: description)
  • Reolink/RLC-410W (source: llm-fuzzy)
    Range: = 3.0.0.136_20121102

Patches

0

No patches discovered yet.

References

1
