Vendor CVEs
Reolink
All CVEs
116 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-40408 | 0.00 | — | 0.04 | Jan 28, 2022 | An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->username variable, that has the value of the userName parameter provided through the SetDdns API, is… | |||
| CVE-2021-40416 | 0.00 | — | 0.01 | Jan 28, 2022 | An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. All the Get APIs that are not included in cgi_check_ability are already executable by any logged-in users. An attacker can send an… | |||
| CVE-2021-40415 | 0.00 | — | 0.01 | Jan 28, 2022 | An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. In cgi_check_ability the Format API does not have a specific case, the user permission will default to 7. This will give… | |||
| CVE-2021-40414 | 0.00 | — | 0.01 | Jan 28, 2022 | An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The SetMdAlarm API sets the movement detection parameters, giving the ability to set the sensitivity of the camera per a range of… | |||
| CVE-2021-40413 | 0.00 | — | 0.01 | Jan 28, 2022 | An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The UpgradePrepare is the API that checks if a provided filename identifies a new version of the RLC-410W firmware. If the version… | |||
| CVE-2022-21217 | 0.00 | — | 0.01 | Jan 28, 2022 | An out-of-bounds write vulnerability exists in the device TestEmail functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability. | |||
| CVE-2021-40406 | 0.00 | — | 0.02 | Jan 28, 2022 | A denial of service vulnerability exists in the cgiserver.cgi session creation functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to prevent users from logging in. An attacker can send an HTTP request to trigger this vulnerability. | |||
| CVE-2021-40419 | 0.00 | — | 0.01 | Jan 28, 2022 | A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability. | |||
| CVE-2021-40404 | 0.00 | — | 0.01 | Jan 28, 2022 | An authentication bypass vulnerability exists in the cgiserver.cgi Login functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability. | |||
| CVE-2022-21134 | 0.00 | — | 0.01 | Jan 28, 2022 | A firmware update vulnerability exists in the "update" firmware checks functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability. | |||
| CVE-2022-21199 | 0.00 | — | 0.01 | Jan 28, 2022 | An information disclosure vulnerability exists due to the hardcoded TLS key of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this… | |||
| CVE-2022-21801 | 0.00 | — | 0.01 | Jan 28, 2022 | A denial of service vulnerability exists in the netserver recv_command functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to a reboot. An attacker can send a malicious packet to trigger this vulnerability. | |||
| CVE-2022-21796 | 0.00 | — | 0.01 | Jan 28, 2022 | A memory corruption vulnerability exists in the netserver parse_command_list functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability. | |||
| CVE-2021-40423 | 0.00 | — | 0.01 | Jan 28, 2022 | A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of HTTP requests can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | |||
| CVE-2022-21236 | 0.00 | — | 0.02 | Jan 28, 2022 | An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. | |||
| CVE-2020-25173 | 0.00 | — | 0.00 | Jan 26, 2021 | An attacker with local network access can obtain a fixed cryptography key which may allow for further compromise of Reolink P2P cameras outside of local network access |
- CVE-2021-40408Jan 28, 2022risk 0.00cvss —epss 0.04
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->username variable, that has the value of the userName parameter provided through the SetDdns API, is…
- CVE-2021-40416Jan 28, 2022risk 0.00cvss —epss 0.01
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. All the Get APIs that are not included in cgi_check_ability are already executable by any logged-in users. An attacker can send an…
- CVE-2021-40415Jan 28, 2022risk 0.00cvss —epss 0.01
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. In cgi_check_ability the Format API does not have a specific case, the user permission will default to 7. This will give…
- CVE-2021-40414Jan 28, 2022risk 0.00cvss —epss 0.01
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The SetMdAlarm API sets the movement detection parameters, giving the ability to set the sensitivity of the camera per a range of…
- CVE-2021-40413Jan 28, 2022risk 0.00cvss —epss 0.01
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The UpgradePrepare is the API that checks if a provided filename identifies a new version of the RLC-410W firmware. If the version…
- CVE-2022-21217Jan 28, 2022risk 0.00cvss —epss 0.01
An out-of-bounds write vulnerability exists in the device TestEmail functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability.
- CVE-2021-40406Jan 28, 2022risk 0.00cvss —epss 0.02
A denial of service vulnerability exists in the cgiserver.cgi session creation functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to prevent users from logging in. An attacker can send an HTTP request to trigger this vulnerability.
- CVE-2021-40419Jan 28, 2022risk 0.00cvss —epss 0.01
A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability.
- CVE-2021-40404Jan 28, 2022risk 0.00cvss —epss 0.01
An authentication bypass vulnerability exists in the cgiserver.cgi Login functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability.
- CVE-2022-21134Jan 28, 2022risk 0.00cvss —epss 0.01
A firmware update vulnerability exists in the "update" firmware checks functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability.
- CVE-2022-21199Jan 28, 2022risk 0.00cvss —epss 0.01
An information disclosure vulnerability exists due to the hardcoded TLS key of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this…
- CVE-2022-21801Jan 28, 2022risk 0.00cvss —epss 0.01
A denial of service vulnerability exists in the netserver recv_command functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to a reboot. An attacker can send a malicious packet to trigger this vulnerability.
- CVE-2022-21796Jan 28, 2022risk 0.00cvss —epss 0.01
A memory corruption vulnerability exists in the netserver parse_command_list functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability.
- CVE-2021-40423Jan 28, 2022risk 0.00cvss —epss 0.01
A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of HTTP requests can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
- CVE-2022-21236Jan 28, 2022risk 0.00cvss —epss 0.02
An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.
- CVE-2020-25173Jan 26, 2021risk 0.00cvss —epss 0.00
An attacker with local network access can obtain a fixed cryptography key which may allow for further compromise of Reolink P2P cameras outside of local network access
Page 3 of 3