VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 28, 2022· Updated Apr 15, 2025

CVE-2021-44416

CVE-2021-44416

Description

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Disconnect param is not object. An attacker can send an HTTP request to trigger this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A denial of service vulnerability in Reolink RLC-410W allows unauthenticated remote attackers to reboot the device via a crafted HTTP request.

Vulnerability

An improper input validation vulnerability (CWE-20) exists in the JSON command parser functionality of cgiserver.cgi in Reolink RLC-410W firmware version v3.0.0.136_20121102. The Disconnect parameter is not validated as an object, allowing a specially-crafted HTTP request to crash the cgiserver.cgi process and trigger a device reboot [1].

Exploitation

An attacker can exploit this vulnerability by sending a crafted HTTP request to the camera's web interface without requiring any authentication or user interaction. The request causes the cgiserver.cgi process to terminate, leading to an immediate reboot of the device [1].

Impact

Successful exploitation results in a denial of service (DoS) condition, causing the camera to reboot and temporarily lose surveillance functionality. The availability of the device is compromised, but no data confidentiality or integrity is affected [1].

Mitigation

As of the publication date (2022-01-28), no firmware update has been released by Reolink to address this vulnerability. Users should monitor the vendor's official support channels for future patches. No workaround is documented in the available references [1].

References
  1. TALOS-2021-1421 || Cisco Talos Intelligence Group

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • reolink/RLC-410Wdescription
  • Reolink/RLC-410Wllm-fuzzy
    Range: =3.0.0.136_20121102

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.