CVE-2021-44413
Description
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The issue is triggered when the AddUser param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A denial of service vulnerability in the cgiserver.cgi JSON command parser of Reolink RLC-410W cameras allows unauthenticated remote attackers to cause a device reboot by sending a specially crafted HTTP request with an invalid AddUser parameter.
Vulnerability
The vulnerability exists in the cgiserver.cgi JSON command parser of the Reolink RLC-410W wireless security camera running firmware version v3.0.0.136_20121102. The parser fails to properly validate the AddUser parameter, expecting it to be an object; providing a non-object value leads to a denial of service condition. This issue is classified as CWE-20: Improper Input Validation [1].
Exploitation
An unauthenticated attacker with network access to the camera can exploit this vulnerability by sending a specially crafted HTTP request to the cgiserver.cgi endpoint. The request must include the AddUser parameter set to a non-object value (e.g., a string or integer). Upon processing the malformed input, the cgiserver.cgi process terminates, causing the device to reboot [1].
Impact
Successful exploitation results in a denial of service condition, forcing the camera to reboot. No other impact on confidentiality or integrity is known. The CVSS v3.0 score is 8.6 (High) with vector AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H [1].
Mitigation
As of the publication date, no firmware update or patch has been released by Reolink to address this vulnerability. The vendor has been notified via the Cisco Talos disclosure process. Users are advised to restrict network access to the camera and monitor for future updates from the vendor [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- reolink/RLC-410W
Patches
No patches discovered yet.
References
[1] talosintelligence.com/vulnerability_reports/TALOS-2021-1421 (mitre, x_refsource_MISC)