VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 28, 2022· Updated Apr 15, 2025

CVE-2021-44418

CVE-2021-44418

Description

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdState param is not object. An attacker can send an HTTP request to trigger this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A denial of service vulnerability in Reolink RLC-410W's cgiserver.cgi allows unauthenticated remote attackers to reboot the device via a crafted HTTP request.

Vulnerability

The vulnerability resides in the JSON command parser of cgiserver.cgi in Reolink RLC-410W firmware version v3.0.0.136_20121102. The GetMdState parameter is not validated as an object, leading to improper input validation (CWE-20). An attacker can send a specially-crafted HTTP request that causes the cgiserver.cgi process to terminate, resulting in a device reboot [1].

Exploitation

An unauthenticated attacker with network access to the camera can send a crafted HTTP request to the vulnerable API endpoint. No authentication or user interaction is required. The request triggers the improper input validation, killing the cgiserver.cgi process and causing the device to reboot [1].

Impact

Successful exploitation results in a denial of service (DoS) condition, as the device reboots and becomes temporarily unavailable. The impact is limited to availability; no data confidentiality or integrity is compromised. The CVSSv3 score is 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) [1].

Mitigation

As of the publication date (2022-01-28), no fixed version has been disclosed. Users should monitor Reolink for firmware updates. The device may be vulnerable to other similar issues listed in the Talos advisory [1]. No workaround is provided.

References
  1. TALOS-2021-1421 || Cisco Talos Intelligence Group

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • reolink/RLC-410Wdescription
  • Reolink/RLC-410Wllm-fuzzy
    Range: = 3.0.0.136_20121102

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.