VYPR
Unrated severity · NVD Advisory · Published Jan 28, 2022 · Updated Apr 15, 2025

CVE-2021-44411

Description

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The condition occurs when the Search param is not an object. An attacker can send an HTTP request to trigger this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A denial of service vulnerability in Reolink RLC-410W cameras allows an unauthenticated attacker to trigger a device reboot via a crafted HTTP request.

Vulnerability

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser of the Reolink RLC-410W wireless IP camera running firmware version v3.0.0.136_20121102 [1]. The issue is classified as CWE-20 (Improper Input Validation) and resides in a command that is intended only for authenticated administrator use. When the search parameter is provided as a non-object value, the parser fails to handle the malformed input correctly, leading to the termination of the cgiserver.cgi process [1].

Exploitation

An attacker can exploit this vulnerability by sending a specially-crafted HTTP request to the camera's cgiserver.cgi endpoint with a malformed search parameter that is not an object [1]. The attack requires no authentication (CVSSv3 attack vector is network-based with low complexity and no privileges required) and can be performed remotely over the network [1]. No user interaction or special network position beyond reachability is needed [1]. The malformed input causes the CGI process to crash, which triggers an automatic reboot of the device [1].

Impact

Successful exploitation results in a denial of service through a device reboot, temporarily disrupting the camera's surveillance and recording capabilities [1]. The impact is limited to availability (no confidentiality or integrity impact per the CVSS score) but is rated high because the attack does not require authentication and can be repeated indefinitely [1]. The vulnerable process is critical to camera operation, so the crash forces a full device restart [1].

Mitigation

As of the publication date (January 28, 2022), the vendor Reolink has not released a firmware update addressing this vulnerability [1]. Affected users should monitor the vendor's support pages for a future patch. No known workarounds are documented in the available references. If the device is exposed to the internet, restricting access to the web interface via firewall rules or network segmentation is advised to reduce attack surface [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • reolink/RLC-410W (description)
  • Reolink/RLC-410W (llm-fuzzy)
    Range: = v3.0.0.136_20121102

Patches

0

No patches discovered yet.

References

1
