VYPR
Unrated severity · NVD Advisory · Published Jan 28, 2022 · Updated Apr 15, 2025

CVE-2021-44409

Description

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The issue is triggered when the TestWifi param is not an object. An attacker can send an HTTP request to trigger this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A denial of service vulnerability in Reolink RLC-410W's cgiserver.cgi allows unauthenticated remote attackers to reboot the device via a crafted HTTP request.

Vulnerability

The vulnerability exists in the cgiserver.cgi JSON command parser of Reolink RLC-410W firmware version v3.0.0.136_20121102. The TestWifi parameter is not validated as an object, leading to improper input validation (CWE-20). A specially-crafted HTTP request can cause the cgiserver.cgi process to terminate, resulting in a device reboot. [1]

Exploitation

An attacker can send an HTTP request to the camera's web interface without requiring authentication. The request must include a malformed JSON payload where the TestWifi parameter is not an object. This triggers the parsing flaw, causing the process to crash and the device to reboot. [1]

Impact

Successful exploitation results in a denial of service (DoS) condition, causing the camera to reboot and become temporarily unavailable. The impact is limited to availability; no data confidentiality or integrity is compromised. The CVSS v3 score is 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). [1]

Mitigation

As of the advisory publication date (2022-01-28), no official patch has been released by Reolink. Users should monitor vendor updates for a firmware fix. Until a patch is available, consider restricting network access to the camera's web interface to trusted hosts only. [1]

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • reolink/RLC-410W (source: description)
  • Reolink/RLC-410W (source: llm-fuzzy)
    Range: = 3.0.0.136_20121102

Patches

0

No patches discovered yet.

References

1
