
    90 vulnerabilities found for rlc-410w by reolink

    VAR-201904-1024

    Vulnerability from variot - Updated: 2025-11-18 15:22

    On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field. Multiple Reolink products contain an OS command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Reolink Digital Technology RLC-410W is an IP camera produced by Reolink Digital Technology Company in Hong Kong, China. There are security vulnerabilities in several Reolink products. An attacker can exploit this vulnerability through the 'TestEmail' function to inject and execute operating system commands with root privileges. The following products and versions are affected: Reolink RLC-410W 1.0.227 and earlier; C1 Pro 1.0.227 and earlier; C2 Pro 1.0.227 and earlier; RLC-422W 1.0.227 and earlier; RLC-511W 1.0.227 and earlier.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201904-1024",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "c1 pro",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "1.0.227"
          },
          {
            "model": "rlc-422w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "1.0.227"
          },
          {
            "model": "rlc-511w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "1.0.227"
          },
          {
            "model": "c2 pro",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "1.0.227"
          },
          {
            "model": "rlc-410w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "1.0.227"
          },
          {
            "model": "c1 pro",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "1.0.227"
          },
          {
            "model": "c2 pro",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "1.0.227"
          },
          {
            "model": "rlc-410w",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "1.0.227"
          },
          {
            "model": "rlc-422w",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "1.0.227"
          },
          {
            "model": "rlc-511w",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "1.0.227"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003252"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-11001"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:reolink:c1_pro_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:reolink:c2_pro_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:reolink:rlc-410w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:reolink:rlc-422w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:reolink:rlc-511w_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003252"
          }
        ]
      },
      "cve": "CVE-2019-11001",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-11001",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-142604",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2019-11001",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-11001",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-11001",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2019-11001",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-11001",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201904-330",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-142604",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-142604"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-330"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003252"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-11001"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-11001"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the \"TestEmail\" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field. Multiple Reolink products contain an OS command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Reolink Digital Technology RLC-410W is an IP camera produced by Reolink Digital Technology Company in Hong Kong, China. There are security vulnerabilities in several Reolink products. An attacker can exploit this vulnerability through the \u0027TestEmail\u0027 function to inject and execute operating system commands with root privileges. The following products and versions are affected: Reolink RLC-410W 1.0.227 and earlier; C1 Pro 1.0.227 and earlier; C2 Pro 1.0.227 and earlier; RLC-422W 1.0.227 and earlier; RLC-511W 1.0.227 and earlier.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-11001"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003252"
          },
          {
            "db": "VULHUB",
            "id": "VHN-142604"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-11001",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003252",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-330",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-142604",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-142604"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-330"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003252"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-11001"
          }
        ]
      },
      "id": "VAR-201904-1024",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-142604"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-11-18T15:22:21.286000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003252"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-142604"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003252"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-11001"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.vdoo.com/blog/working-with-the-community-%e2%80%93-significant-vulnerabilities-in-reolink-cameras/"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/mcw0/poc/blob/master/reolink-ipc-rce.py"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11001"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2019-11001"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11001"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-142604"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-330"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003252"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-11001"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-142604"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-330"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003252"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-11001"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-142604"
          },
          {
            "date": "2019-04-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-330"
          },
          {
            "date": "2019-05-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-003252"
          },
          {
            "date": "2019-04-08T17:29:00.590000",
            "db": "NVD",
            "id": "CVE-2019-11001"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-142604"
          },
          {
            "date": "2019-04-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-330"
          },
          {
            "date": "2019-05-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-003252"
          },
          {
            "date": "2025-11-06T16:51:36.630000",
            "db": "NVD",
            "id": "CVE-2019-11001"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-330"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OS command injection vulnerability in multiple Reolink products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003252"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-330"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0642

    Vulnerability from variot - Updated: 2025-11-18 12:25

    An OS command injection vulnerability exists in the device network settings functionality of Reolink RLC-410W v3.0.0.136_20121102. At [1] or [2] (markers that presumably point into an annotated code listing in the original advisory, which is not reproduced here), depending on the DDNS type, the ddns->domain variable, which holds the value of the domain parameter provided through the SetDdns API, is not validated properly. This leads to an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. The device may be put into a denial-of-service (DoS) state. Reolink RLC-410W is a Wi-Fi security camera made by Reolink, a company based in China.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0642",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12811"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018249"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40407"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2354"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-40407",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-40407",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2022-12811",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-40407",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.3,
                "id": "CVE-2021-40407",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-40407",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-40407",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-40407",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-40407",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-12811",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2354",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12811"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2354"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018249"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40407"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40407"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns-\u003edomain variable, that has the value of the domain parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-40407"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018249"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-12811"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-40407",
            "trust": 3.8
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1424",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018249",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-12811",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012706",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2354",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12811"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2354"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018249"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40407"
          }
        ]
      },
      "id": "VAR-202201-0642",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12811"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12811"
          }
        ]
      },
      "last_update_date": "2025-11-18T12:25:15.387000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          },
          {
            "title": "Patch for Reolink RLC-410W Operating System Command Injection Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/319041"
          },
          {
            "title": "Reolink Rlc-410W Fixes for operating system command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180345"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12811"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2354"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018249"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018249"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40407"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1424"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40407"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2021-40407"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012706"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12811"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2354"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018249"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40407"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12811"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2354"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018249"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40407"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-12811"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2354"
          },
          {
            "date": "2023-04-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018249"
          },
          {
            "date": "2022-01-28T20:15:11.607000",
            "db": "NVD",
            "id": "CVE-2021-40407"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-12811"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2354"
          },
          {
            "date": "2023-04-21T06:42:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018249"
          },
          {
            "date": "2025-11-03T18:59:38.180000",
            "db": "NVD",
            "id": "CVE-2021-40407"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2354"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Reolink RLC-410W Operating System Command Injection Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12811"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2354"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2354"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0654

    Vulnerability from variot - Updated: 2025-01-30 20:10

    An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The SetMdAlarm API sets the movement detection parameters, giving the ability to set the sensitivity of the camera per a range of hours, and which of the camera spaces to ignore when considering movement detection. Because in cgi_check_ability the SetMdAlarm API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to change the movement detection parameters. reolink RLC-410W contains an improper default permissions vulnerability. Information may be tampered with and service operation may be interrupted (DoS). Reolink RLC-410W is a Wi-Fi security camera from the Chinese company Reolink.

    There is an access control error vulnerability in cgiserver.cgi cgi_check_ability of Reolink RLC-410W v3.0.0.136_20121102, which can be exploited by attackers to cause denial of service


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0654",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10735"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018218"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40414"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2359"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-40414",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-40414",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2022-10735",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-40414",
                "impactScore": 4.2,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-40414",
                "impactScore": 4.2,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-40414",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-40414",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-40414",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-10735",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2359",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10735"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018218"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2359"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40414"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40414"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The SetMdAlarm API sets the movement detection parameters, giving the ability to set the sensitivity of the camera per a range of hours, and which of the camera spaces to ignore when considering movement detection. Because in cgi_check_ability the SetMdAlarm API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to change the movement detection parameters. reolink RLC-410W There is a vulnerability in improper default permissions.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company. \n\r\n\r\nThere is an access control error vulnerability in cgiserver.cgi cgi_check_ability of Reolink RLC-410W v3.0.0.136_20121102, which can be exploited by attackers to cause denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-40414"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018218"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-10735"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-40414",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1425",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018218",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-10735",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012706",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2359",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-10735"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018218"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2359"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40414"
          }
        ]
      },
      "id": "VAR-202201-0654",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-10735"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "camera device"
            ],
            "sub_category": "IP camera",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-10735"
          }
        ]
      },
      "last_update_date": "2025-01-30T20:10:56.094000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          },
          {
            "title": "Patch for Reolink RLC-410W Access Control Error Vulnerability (CNVD-2022-10735)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/319306"
          },
          {
            "title": "Reolink Rlc-410W Fixes for access control error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180349"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10735"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018218"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2359"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-284",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-276",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate default permissions (CWE-276) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018218"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40414"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1425"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40414"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012706"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-10735"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018218"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2359"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40414"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-10735"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018218"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2359"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40414"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-10735"
          },
          {
            "date": "2023-04-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018218"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2359"
          },
          {
            "date": "2022-01-28T20:15:11.917000",
            "db": "NVD",
            "id": "CVE-2021-40414"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-10735"
          },
          {
            "date": "2023-04-18T05:06:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018218"
          },
          {
            "date": "2022-06-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2359"
          },
          {
            "date": "2024-11-21T06:24:05.110000",
            "db": "NVD",
            "id": "CVE-2021-40414"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2359"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Vulnerability regarding improper default permissions in reolink\u00a0RLC-410W",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018218"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access control error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2359"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-1158

    Vulnerability from variot - Updated: 2024-11-23 22:44

    A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of HTTP requests can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. The Reolink RLC-410W contains an input validation vulnerability; service operation may be interrupted (DoS). The Reolink Rlc-410W is a Wi-Fi security camera from the Chinese company Reolink. The CVSS vectors in the record below rate the issue as reachable over the network without privileges or user interaction (AV:N/PR:N/UI:N), with impact limited to availability.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-1158",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12647"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018215"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40423"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2499"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-40423",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-40423",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-12647",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-40423",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-40423",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-40423",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-40423",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-40423",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-12647",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2499",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12647"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018215"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2499"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40423"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40423"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of HTTP requests can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. The Reolink RLC-410W contains an input validation vulnerability; service operation may be interrupted (DoS). The Reolink Rlc-410W is a Wi-Fi security camera from the Chinese company Reolink.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-40423"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018215"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-12647"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-40423",
            "trust": 3.8
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1432",
            "trust": 2.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2022-1432",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018215",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-12647",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2499",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12647"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018215"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2499"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40423"
          }
        ]
      },
      "id": "VAR-202201-1158",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12647"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12647"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:44:06.111000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          },
          {
            "title": "Patch for Reolink Rlc-410W Denial of Service Vulnerability (CNVD-2022-12647)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/319086"
          },
          {
            "title": "Fix for the Reolink Rlc-410W input validation error vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=179792"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12647"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018215"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2499"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "Improper input validation (CWE-20) [NVD evaluation]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018215"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40423"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1432"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40423"
          },
          {
            "trust": 1.6,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1432"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12647"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018215"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2499"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40423"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12647"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018215"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2499"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40423"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-12647"
          },
          {
            "date": "2023-04-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018215"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2499"
          },
          {
            "date": "2022-01-28T20:15:12.090000",
            "db": "NVD",
            "id": "CVE-2021-40423"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-12647"
          },
          {
            "date": "2023-04-18T04:54:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018215"
          },
          {
            "date": "2022-02-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2499"
          },
          {
            "date": "2024-11-21T06:24:06.237000",
            "db": "NVD",
            "id": "CVE-2021-40423"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2499"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input verification vulnerability in Reolink\u00a0RLC-410W",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018215"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2499"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0648

    Vulnerability from variot - Updated: 2024-11-23 21:33

    A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability. An unspecified vulnerability exists in the reolink RLC-410W; information may be tampered with. The Reolink Rlc-410W is a Wi-Fi security camera from the Chinese company Reolink.

    The Reolink RLC-410W has an access control error vulnerability in v3.0.0.136_20121102 that stems from the device's factory binary not properly restricting resource access from unauthorized roles. Severity in the record below differs by source: the Talos CNA scores it 10.0 (Critical; scope changed, high confidentiality, integrity and availability impact), while NVD scores it 7.5 (High; integrity impact only).


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0648",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12814"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018235"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40419"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2465"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-40419",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-40419",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-12814",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-40419",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 10.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-40419",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2021-40419",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-40419",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-40419",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-40419",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-12814",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2465",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12814"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018235"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2465"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40419"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40419"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A firmware update vulnerability exists in the \u0027factory\u0027 binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability. An unspecified vulnerability exists in reolink RLC-410W. Information may be tampered with. Reolink RLC-410W is a Wi-Fi security camera from the Chinese company Reolink. \n\r\n\r\nThe Reolink RLC-410W has an access control error vulnerability in v3.0.0.136_20121102 that stems from the device\u0027s factory binary not properly restricting resource access from unauthorized roles",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-40419"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018235"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-12814"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-40419",
            "trust": 3.8
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1428",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018235",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-12814",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012706",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2465",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12814"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018235"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2465"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40419"
          }
        ]
      },
      "id": "VAR-202201-0648",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12814"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12814"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:22.038000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          },
          {
            "title": "Patch for Reolink Rlc-410W Access Control Error Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/319036"
          },
          {
            "title": "Reolink Rlc-410W Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182132"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12814"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018235"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2465"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-489",
            "trust": 1.0
          },
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "others (CWE-Other) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018235"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40419"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.6,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1428"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40419"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012706"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12814"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018235"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2465"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40419"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12814"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018235"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2465"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40419"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-12814"
          },
          {
            "date": "2023-04-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018235"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2465"
          },
          {
            "date": "2022-01-28T20:15:12.047000",
            "db": "NVD",
            "id": "CVE-2021-40419"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-12814"
          },
          {
            "date": "2023-04-20T01:30:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018235"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2465"
          },
          {
            "date": "2024-11-21T06:24:05.810000",
            "db": "NVD",
            "id": "CVE-2021-40419"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2465"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Vulnerability in reolink\u00a0RLC-410W",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018235"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2465"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0660

    Vulnerability from variot - Updated: 2024-11-23 21:33

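    An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [4] (a marker that refers to the code listing in the original advisory, which is not reproduced here), the dns_data->dns1 variable, which holds the value of the dns1 parameter provided through the SetLocal API, is not validated properly. This would lead to an OS command injection. The device may also be put into a denial-of-service (DoS) state. Reolink RLC-410W is a Wi-Fi security camera from the Chinese company Reolink. An attacker could exploit this vulnerability to cause command execution by sending a specially crafted HTTP request. The CVSS vectors in this entry's record list the required privileges as HIGH (PR:H, Au:S), so the request has to come from an authenticated session.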


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0660",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37403"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018222"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40410"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2350"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-40410",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-40410",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2022-37403",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-40410",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.3,
                "id": "CVE-2021-40410",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-40410",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-40410",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-40410",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-40410",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-37403",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2350",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37403"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018222"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2350"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40410"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40410"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [4] the dns_data-\u003edns1 variable, which holds the value of the dns1 parameter provided through the SetLocal API, is not validated properly. This would lead to an OS command injection. The device may also be put into a denial-of-service (DoS) state. Reolink RLC-410W is a Wi-Fi security camera from the Chinese company Reolink. An attacker could exploit this vulnerability to cause command execution by sending a specially crafted HTTP request",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-40410"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018222"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-37403"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-40410",
            "trust": 3.8
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1424",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018222",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-37403",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012706",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2350",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37403"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018222"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2350"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40410"
          }
        ]
      },
      "id": "VAR-202201-0660",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37403"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37403"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:22.011000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          },
          {
            "title": "Patch for Reolink RLC-410W OS Command Injection Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/332921"
          },
          {
            "title": "Reolink Rlc-410W Fixes for operating system command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180341"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37403"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018222"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2350"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018222"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40410"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1424"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40410"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012706"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37403"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018222"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2350"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40410"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37403"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018222"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2350"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40410"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-37403"
          },
          {
            "date": "2023-04-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018222"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2350"
          },
          {
            "date": "2022-01-28T20:15:11.740000",
            "db": "NVD",
            "id": "CVE-2021-40410"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-37403"
          },
          {
            "date": "2023-04-18T05:23:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018222"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2350"
          },
          {
            "date": "2024-11-21T06:24:04.533000",
            "db": "NVD",
            "id": "CVE-2021-40410"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2350"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "reolink\u00a0RLC-410W\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018222"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2350"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0656

    Vulnerability from variot - Updated: 2024-11-23 21:33

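    An information disclosure vulnerability exists due to the hardcoded TLS key of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. The reolink RLC-410W contains a use of hard-coded credentials vulnerability; information may be obtained. The Reolink RLC-410W is a Wi-Fi security camera from Reolink, a company in China. The record below classifies the issue as CWE-321 and CWE-798, and its CVSS v3 assessments differ: NVD scores it 5.9 (confidentiality impact only, no user interaction), while the Talos CNA scores it 7.5 (user interaction required, high impact on confidentiality, integrity and availability). The two trust-0.1 GitHub entries in the patch list are titled CVE-2022-XXXX and do not reference CVE-2022-21199; they do not appear to be vendor fixes for this issue.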


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0656",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10268"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004588"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21199"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2348"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-21199",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2022-21199",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2022-10268",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2022-21199",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "id": "CVE-2022-21199",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.9,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-21199",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-21199",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2022-21199",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-21199",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-10268",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2348",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-21199",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10268"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21199"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004588"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2348"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21199"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21199"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An information disclosure vulnerability exists due to the hardcoded TLS key of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. reolink RLC-410W Contains a vulnerability in the use of hard-coded credentials.Information may be obtained. Reolink Rlc-410W is a Wifi security camera from China Reolink company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-21199"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004588"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-10268"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21199"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-21199",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1448",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004588",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-10268",
            "trust": 0.6
          },
          {
            "db": "TALOS",
            "id": "TALOS-2022-1448",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012706",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2348",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21199",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10268"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21199"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004588"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2348"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21199"
          }
        ]
      },
      "id": "VAR-202201-0656",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10268"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10268"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:21.955000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          },
          {
            "title": "Patch for Reolink RLC-410W Information Disclosure Vulnerability (CNVD-2022-10268)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/319326"
          },
          {
            "title": "Reolink Rlc-410W Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182348"
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-23305 "
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-RCE "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10268"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21199"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004588"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2348"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-321",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-798",
            "trust": 1.0
          },
          {
            "problemtype": "Use hard-coded credentials (CWE-798) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004588"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21199"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21199"
          },
          {
            "trust": 1.7,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1448"
          },
          {
            "trust": 0.6,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1448"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012706"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/alphabugx/cve-2022-23305"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10268"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21199"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004588"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2348"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21199"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10268"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21199"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004588"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2348"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21199"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-10268"
          },
          {
            "date": "2022-01-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-21199"
          },
          {
            "date": "2023-04-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004588"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2348"
          },
          {
            "date": "2022-01-28T20:15:12.323000",
            "db": "NVD",
            "id": "CVE-2022-21199"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-10268"
          },
          {
            "date": "2022-07-01T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-21199"
          },
          {
            "date": "2023-04-20T01:08:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004588"
          },
          {
            "date": "2022-07-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2348"
          },
          {
            "date": "2024-11-21T06:44:05.567000",
            "db": "NVD",
            "id": "CVE-2022-21199"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2348"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "reolink\u00a0RLC-410W\u00a0 Vulnerability in using hard-coded credentials in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004588"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2348"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0653

    Vulnerability from variot - Updated: 2024-11-23 21:33

    An out-of-bounds write vulnerability exists in the device TestEmail functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability. The reolink RLC-410W contains a use of uninitialized resource vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Reolink RLC-410W is a Wi-Fi security camera from Reolink, a company in China.

    Reolink RLC-410W has a security vulnerability in version v3.0.0.136_20121102, which is caused by a boundary error when the TestEmail function handles untrusted input. The CVSS v3 vectors in the record below disagree on the privileges required: the NVD vector uses PR:N (base score 9.8), while the Talos CNA vector uses PR:H with changed scope (base score 9.1), so confirm the authentication requirement against the original advisory when prioritizing.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0653",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12818"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004587"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21217"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2487"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-21217",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-21217",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-12818",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-21217",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.3,
                "id": "CVE-2022-21217",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-21217",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-21217",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2022-21217",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-21217",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-12818",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2487",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-21217",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12818"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21217"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004587"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2487"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21217"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21217"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An out-of-bounds write vulnerability exists in the device TestEmail functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W contains a use of uninitialized resources vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Reolink RLC-410W is a Wi-Fi security camera from the Chinese company Reolink. \n\r\n\r\nReolink RLC-410W has a security vulnerability in version v3.0.0.136_20121102, which is caused by a boundary error when the TestEmail function handles untrusted input",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-21217"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004587"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-12818"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21217"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-21217",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1445",
            "trust": 1.7
          },
          {
            "db": "TALOS",
            "id": "TALOS-2022-1445",
            "trust": 1.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004587",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-12818",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012706",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2487",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21217",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12818"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21217"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004587"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2487"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21217"
          }
        ]
      },
      "id": "VAR-202201-0653",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12818"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12818"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:21.917000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          },
          {
            "title": "Patch for Reolink RLC-410W TestEmail function out-of-bounds write vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/319016"
          },
          {
            "title": "Reolink Rlc-410W Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=182353"
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-23305 "
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-RCE "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12818"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21217"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004587"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2487"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-457",
            "trust": 1.0
          },
          {
            "problemtype": "Use of uninitialized resources (CWE-908) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004587"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21217"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1445"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21217"
          },
          {
            "trust": 1.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1445"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012706"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/alphabugx/cve-2022-23305"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12818"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21217"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004587"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2487"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21217"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12818"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21217"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004587"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2487"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21217"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-12818"
          },
          {
            "date": "2022-01-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-21217"
          },
          {
            "date": "2023-04-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004587"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2487"
          },
          {
            "date": "2022-01-28T20:15:12.370000",
            "db": "NVD",
            "id": "CVE-2022-21217"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-12818"
          },
          {
            "date": "2023-07-24T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-21217"
          },
          {
            "date": "2023-04-20T01:04:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004587"
          },
          {
            "date": "2023-07-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2487"
          },
          {
            "date": "2024-11-21T06:44:08.200000",
            "db": "NVD",
            "id": "CVE-2022-21217"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2487"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "reolink\u00a0RLC-410W\u00a0use of uninitialized resources vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004587"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2487"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0650

    Vulnerability from variot - Updated: 2024-11-23 21:33

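    An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2] (presumably code locations marked in the source advisory; they are not reproduced on this page), based on DDNS type, the ddns->username variable, which holds the value of the userName parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. Service operation may be interrupted (DoS). Reolink RLC-410W is a Wi-Fi security camera from the Chinese company Reolink. The vulnerability arises because the network system or product fails to properly filter special characters, commands, etc. when user input is used to construct and execute commands. An attacker could exploit this vulnerability to inject and execute arbitrary commands. Note that the scoring sources in this record disagree on the privileges required: the nvd@nist.gov CVSS 3.1 vector uses PR:N (base score 9.8), while the talos-cna@cisco.com CVSS 3.0 vector uses PR:H with changed scope (base score 9.1), so the access needed to reach the SetDdns API should be confirmed against the advisory when prioritizing remediation.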


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0650",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "digital technology rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08446"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018224"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40408"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2355"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-40408",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-40408",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-08446",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-40408",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.3,
                "id": "CVE-2021-40408",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-40408",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-40408",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-40408",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-40408",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-08446",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2355",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08446"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018224"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2355"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40408"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40408"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns-\u003eusername variable, which holds the value of the userName parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. Service operation may be interrupted (DoS). Reolink RLC-410W is a Wi-Fi security camera from the Chinese company Reolink. The vulnerability arises because the network system or product fails to properly filter special characters, commands, etc. when user input is used to construct and execute commands. An attacker could exploit this vulnerability to inject and execute arbitrary commands",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-40408"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018224"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-08446"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-40408",
            "trust": 3.8
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1424",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018224",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-08446",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012706",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2355",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08446"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018224"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2355"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40408"
          }
        ]
      },
      "id": "VAR-202201-0650",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08446"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08446"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:21.891000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          },
          {
            "title": "Patch for Reolink RLC-410W Command Injection Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/317866"
          },
          {
            "title": "Reolink Rlc-410W Fixes for operating system command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180346"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08446"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018224"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2355"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018224"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40408"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.6,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1424"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40408"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012706"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08446"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018224"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2355"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40408"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08446"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018224"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2355"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40408"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-08446"
          },
          {
            "date": "2023-04-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018224"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2355"
          },
          {
            "date": "2022-01-28T20:15:11.650000",
            "db": "NVD",
            "id": "CVE-2021-40408"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-08446"
          },
          {
            "date": "2023-04-18T05:39:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018224"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2355"
          },
          {
            "date": "2024-11-21T06:24:04.257000",
            "db": "NVD",
            "id": "CVE-2021-40408"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2355"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "reolink\u00a0RLC-410W\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018224"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2355"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0655

    Vulnerability from variot - Updated: 2024-11-23 21:33

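    An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [6] (a code-location marker carried over from the source advisory, whose listing is not reproduced here), the dns_data->dns2 variable, which holds the value of the dns2 parameter provided through the SetLocalLink API, is not validated properly. This would lead to an OS command injection. The device may be put into a denial-of-service (DoS) state. The CVSS vectors in the record below rate the issue as network-reachable and requiring high privileges (AV:N, PR:H). Reolink RLC-410W is a Wi-Fi security camera from the Chinese company Reolink.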


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0655",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12809"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018221"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40411"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2351"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-40411",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-40411",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2022-12809",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-40411",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.3,
                "id": "CVE-2021-40411",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-40411",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-40411",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-40411",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-40411",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-12809",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2351",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12809"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018221"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2351"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40411"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40411"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [6] the dns_data-\u003edns2 variable, that has the value of the dns2 parameter provided through the SetLocalLink API, is not validated properly. This would lead to an OS command injection. (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-40411"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018221"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-12809"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-40411",
            "trust": 3.8
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1424",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018221",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-12809",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012706",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2351",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12809"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018221"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2351"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40411"
          }
        ]
      },
      "id": "VAR-202201-0655",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12809"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12809"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:21.863000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          },
          {
            "title": "Patch for Reolink RLC-410W Operating System Command Injection Vulnerability (CNVD-2022-12809)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/319076"
          },
          {
            "title": "Reolink Rlc-410W Fixes for operating system command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180342"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12809"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018221"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2351"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018221"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40411"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1424"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40411"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012706"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12809"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018221"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2351"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40411"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12809"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018221"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2351"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40411"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-12809"
          },
          {
            "date": "2023-04-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018221"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2351"
          },
          {
            "date": "2022-01-28T20:15:11.783000",
            "db": "NVD",
            "id": "CVE-2021-40411"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-12809"
          },
          {
            "date": "2023-04-18T05:16:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018221"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2351"
          },
          {
            "date": "2024-11-21T06:24:04.670000",
            "db": "NVD",
            "id": "CVE-2021-40411"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2351"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "reolink\u00a0RLC-410W\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018221"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2351"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0661

    Vulnerability from variot - Updated: 2024-11-23 21:33

    An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. All the Get APIs that are not included in cgi_check_ability are already executable by any logged-in user. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W contains an improper default permissions vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Reolink RLC-410W is a Wi-Fi security camera from the Chinese company Reolink.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0661",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10725"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018216"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40416"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2356"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-40416",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-40416",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2022-10725",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-40416",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-40416",
                "impactScore": 4.2,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-40416",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-40416",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-40416",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-40416",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-10725",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2356",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10725"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018216"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2356"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40416"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40416"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. All the Get APIs that are not included in cgi_check_ability are already executable by any logged-in users. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-40416"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018216"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-10725"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-40416",
            "trust": 3.8
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1425",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018216",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-10725",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012706",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2356",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10725"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018216"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2356"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40416"
          }
        ]
      },
      "id": "VAR-202201-0661",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10725"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10725"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:21.838000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          },
          {
            "title": "Patch for Reolink RLC-410W Access Control Error Vulnerability (CNVD-2022-10725)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/319316"
          },
          {
            "title": "Reolink Rlc-410W Fixes for access control error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180347"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10725"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018216"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2356"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-284",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-276",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate default permissions (CWE-276) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018216"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40416"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1425"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40416"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012706"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10725"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018216"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2356"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40416"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10725"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018216"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2356"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40416"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-10725"
          },
          {
            "date": "2023-04-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018216"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2356"
          },
          {
            "date": "2022-01-28T20:15:12.007000",
            "db": "NVD",
            "id": "CVE-2021-40416"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-10725"
          },
          {
            "date": "2023-04-18T04:57:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018216"
          },
          {
            "date": "2022-02-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2356"
          },
          {
            "date": "2024-11-21T06:24:05.390000",
            "db": "NVD",
            "id": "CVE-2021-40416"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2356"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "reolink\u00a0RLC-410W\u00a0 Vulnerability regarding improper default permissions in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018216"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access control error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2356"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0649

    Vulnerability from variot - Updated: 2024-11-23 21:33

    An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially crafted HTTP request can lead to disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. The Reolink RLC-410W contains a vulnerability involving externally accessible files or directories; information may be obtained. The Reolink RLC-410W is a Wi-Fi security camera made by the Chinese company Reolink.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0649",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "digital technology rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08444"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004544"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21236"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2353"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-21236",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-21236",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-08444",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-21236",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2022-21236",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-21236",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-21236",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2022-21236",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-21236",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-08444",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2353",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-21236",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08444"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21236"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004544"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2353"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21236"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21236"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. Reolink RLC-410W Exists in a vulnerability in externally accessible files or directories.Information may be obtained. Reolink Rlc-410W is a Wifi security camera from China Reolink company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-21236"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004544"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-08444"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21236"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-21236",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2022-1446",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004544",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-08444",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012706",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2353",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21236",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08444"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21236"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004544"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2353"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21236"
          }
        ]
      },
      "id": "VAR-202201-0649",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08444"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08444"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:21.809000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          },
          {
            "title": "Patch for Reolink RLC-410W Information Disclosure Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/317856"
          },
          {
            "title": "Reolink Rlc-410W Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182349"
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-23305 "
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-RCE "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08444"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21236"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004544"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2353"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-552",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-219",
            "trust": 1.0
          },
          {
            "problemtype": "Externally accessible file or directory (CWE-552) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004544"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21236"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.7,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1446"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21236"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012706"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/552.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/alphabugx/cve-2022-23305"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08444"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21236"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004544"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2353"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21236"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08444"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21236"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004544"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2353"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21236"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-08444"
          },
          {
            "date": "2022-01-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-21236"
          },
          {
            "date": "2023-04-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004544"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2353"
          },
          {
            "date": "2022-01-28T20:15:12.417000",
            "db": "NVD",
            "id": "CVE-2022-21236"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-08444"
          },
          {
            "date": "2022-07-01T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-21236"
          },
          {
            "date": "2023-04-18T04:49:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004544"
          },
          {
            "date": "2022-07-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2353"
          },
          {
            "date": "2024-11-21T06:44:10.330000",
            "db": "NVD",
            "id": "CVE-2022-21236"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2353"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Reolink RLC-410W Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08444"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2353"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2353"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0644

    Vulnerability from variot - Updated: 2024-11-23 21:33

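    An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2] (location markers carried over from the original advisory, whose code listing is not reproduced here), depending on the DDNS type, the ddns->password variable, which holds the value of the password parameter provided through the SetDdns API, is not validated properly. This leads to an OS command injection. The device may be put into a denial-of-service (DoS) state. The CVSS entries in the record below disagree on the privileges required (NVD: none; Talos: high; CNVD: single authentication). Reolink RLC-410W is a Wi-Fi security camera from the China-based company Reolink.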


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0644",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12810"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018223"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40409"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2352"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-40409",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-40409",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2022-12810",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-40409",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.3,
                "id": "CVE-2021-40409",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-40409",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-40409",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-40409",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-40409",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-12810",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2352",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12810"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018223"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2352"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40409"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40409"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns-\u003epassword variable, that has the value of the password parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. The device may be put into a denial-of-service (DoS) state. Reolink RLC-410W is a Wi-Fi security camera from the China-based company Reolink.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-40409"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018223"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-12810"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-40409",
            "trust": 3.8
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1424",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018223",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-12810",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012706",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2352",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12810"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018223"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2352"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40409"
          }
        ]
      },
      "id": "VAR-202201-0644",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12810"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12810"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:21.781000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          },
          {
            "title": "Patch for Reolink RLC-410W Operating System Command Injection Vulnerability (CNVD-2022-12810)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/319061"
          },
          {
            "title": "Reolink Rlc-410W Fixes for operating system command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180343"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12810"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018223"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2352"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018223"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40409"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1424"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40409"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012706"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12810"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018223"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2352"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40409"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12810"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018223"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2352"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40409"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-12810"
          },
          {
            "date": "2023-04-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018223"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2352"
          },
          {
            "date": "2022-01-28T20:15:11.697000",
            "db": "NVD",
            "id": "CVE-2021-40409"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-12810"
          },
          {
            "date": "2023-04-18T05:29:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018223"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2352"
          },
          {
            "date": "2024-11-21T06:24:04.393000",
            "db": "NVD",
            "id": "CVE-2021-40409"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2352"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "reolink\u00a0RLC-410W\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018223"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2352"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0643

    Vulnerability from variot - Updated: 2024-11-23 21:33

    A denial of service vulnerability exists in the netserver recv_command functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to a reboot. An attacker can send a malicious packet to trigger this vulnerability. reolink RLC-410W contains an integer overflow vulnerability. The device may be put into a service interruption (DoS) state. Reolink RLC-410W is a Wi-Fi security camera from the China-based company Reolink. The vulnerability is caused by a failure to properly handle the input error message in the recv_command function.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0643",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12816"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004585"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21801"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2476"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-21801",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-21801",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-12816",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-21801",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-21801",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2022-21801",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-21801",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2022-21801",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-21801",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-12816",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2476",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-21801",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12816"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21801"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004585"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2476"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21801"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21801"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A denial of service vulnerability exists in the netserver recv_command functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to a reboot. An attacker can send a malicious packet to trigger this vulnerability. reolink RLC-410W Exists in an integer overflow vulnerability.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company. The vulnerability is caused by the failure to properly handle the input error message in the recv_command function",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-21801"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004585"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-12816"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21801"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-21801",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1450",
            "trust": 1.7
          },
          {
            "db": "TALOS",
            "id": "TALOS-2022-1450",
            "trust": 1.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004585",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-12816",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012706",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2476",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21801",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12816"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21801"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004585"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2476"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21801"
          }
        ]
      },
      "id": "VAR-202201-0643",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12816"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12816"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:21.752000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          },
          {
            "title": "Patch for Reolink RLC-410W netserver recv_command denial of service vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/319026"
          },
          {
            "title": "Reolink Rlc-410W Remediation of resource management error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180381"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12816"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004585"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2476"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-190",
            "trust": 1.0
          },
          {
            "problemtype": "Integer overflow or wraparound (CWE-190) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004585"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21801"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1450"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21801"
          },
          {
            "trust": 1.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1450"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012706"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/190.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12816"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21801"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004585"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2476"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21801"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12816"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21801"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004585"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2476"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21801"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-12816"
          },
          {
            "date": "2022-01-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-21801"
          },
          {
            "date": "2023-04-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004585"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2476"
          },
          {
            "date": "2022-01-28T20:15:12.507000",
            "db": "NVD",
            "id": "CVE-2022-21801"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-12816"
          },
          {
            "date": "2022-07-01T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-21801"
          },
          {
            "date": "2023-04-20T00:58:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004585"
          },
          {
            "date": "2022-07-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2476"
          },
          {
            "date": "2024-11-21T06:45:27.783000",
            "db": "NVD",
            "id": "CVE-2022-21801"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2476"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "reolink\u00a0RLC-410W\u00a0 Integer overflow vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004585"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2476"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0658

    Vulnerability from variot - Updated: 2024-11-23 21:33

    An authentication bypass vulnerability exists in the cgiserver.cgi Login functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability. Reolink RLC-410W is a Wi-Fi security camera made by the Chinese company Reolink.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0658",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "digital technology rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08445"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018226"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40404"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2347"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-40404",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-40404",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-08445",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-40404",
                "impactScore": 2.5,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-40404",
                "impactScore": 1.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2021-40404",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-40404",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-40404",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-40404",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-08445",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2347",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-40404",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08445"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-40404"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018226"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2347"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40404"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40404"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An authentication bypass vulnerability exists in the cgiserver.cgi Login functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability. Reolink Rlc-410W is a Wifi security camera from China Reolink company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-40404"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018226"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-08445"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-40404"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-40404",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1420",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018226",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-08445",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012706",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2347",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-40404",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08445"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-40404"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018226"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2347"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40404"
          }
        ]
      },
      "id": "VAR-202201-0658",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08445"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08445"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:21.722000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          },
          {
            "title": "Patch for Reolink RLC-410W Authentication Bypass Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/317861"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/aredspy/ReoLink-Reboot "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/aredspy/script "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08445"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-40404"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018226"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-284",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018226"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40404"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.7,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1420"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40404"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012706"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/287.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/aredspy/reolink-reboot"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08445"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-40404"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018226"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2347"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40404"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08445"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-40404"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018226"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2347"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40404"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-08445"
          },
          {
            "date": "2022-01-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-40404"
          },
          {
            "date": "2023-04-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018226"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2347"
          },
          {
            "date": "2022-01-28T20:15:11.520000",
            "db": "NVD",
            "id": "CVE-2021-40404"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-08445"
          },
          {
            "date": "2022-08-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-40404"
          },
          {
            "date": "2023-04-18T05:47:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018226"
          },
          {
            "date": "2022-05-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2347"
          },
          {
            "date": "2024-11-21T06:24:03.617000",
            "db": "NVD",
            "id": "CVE-2021-40404"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2347"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Authentication vulnerability in reolink\u00a0RLC-410W",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018226"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2347"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0657

    Vulnerability from variot - Updated: 2024-11-23 21:33

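    An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [8] (a code-listing marker from the referenced Talos report, TALOS-2021-1424) the devname variable, which holds the value of the name parameter provided through the SetDevName API, is not validated properly. This leads to an OS command injection. The CVSS vectors in the record below all require high privileges (PR:H; Au:S in CVSS v2), so the flaw is reachable only from an authenticated, privileged session, and the NVD (7.2, HIGH) and Talos (9.1, CRITICAL) scores differ only in the Scope metric. Per JVNDB, reolink RLC-410W contains an OS command injection vulnerability: information may be obtained or tampered with, and service operation may be interrupted (DoS). Reolink RLC-410W is a Wi-Fi security camera made by the Chinese company Reolink.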


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0657",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10726"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018220"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40412"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2349"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-40412",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-40412",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2022-10726",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-40412",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.3,
                "id": "CVE-2021-40412",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-40412",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-40412",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-40412",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-40412",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-10726",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2349",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10726"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018220"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2349"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40412"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40412"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [8] the devname variable, which holds the value of the name parameter provided through the SetDevName API, is not validated properly. This leads to an OS command injection. reolink RLC-410W contains an OS command injection vulnerability: information may be obtained or tampered with, and service operation may be interrupted (DoS). Reolink RLC-410W is a Wi-Fi security camera made by the Chinese company Reolink.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-40412"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018220"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-10726"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-40412",
            "trust": 3.8
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1424",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018220",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-10726",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012706",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2349",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10726"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018220"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2349"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40412"
          }
        ]
      },
      "id": "VAR-202201-0657",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10726"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10726"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:21.694000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          },
          {
            "title": "Patch for Reolink RLC-410W Operating System Command Injection Vulnerability (CNVD-2022-10726)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/319311"
          },
          {
            "title": "Reolink Rlc-410W Fixes for operating system command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180340"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10726"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018220"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2349"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018220"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40412"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1424"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40412"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012706"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10726"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018220"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2349"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40412"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10726"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018220"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2349"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40412"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-10726"
          },
          {
            "date": "2023-04-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018220"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2349"
          },
          {
            "date": "2022-01-28T20:15:11.827000",
            "db": "NVD",
            "id": "CVE-2021-40412"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-10726"
          },
          {
            "date": "2023-04-18T05:13:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018220"
          },
          {
            "date": "2022-02-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2349"
          },
          {
            "date": "2024-11-21T06:24:04.823000",
            "db": "NVD",
            "id": "CVE-2021-40412"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2349"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OS\u00a0command injection vulnerability in reolink\u00a0RLC-410W",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018220"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2349"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0652

    Vulnerability from variot - Updated: 2024-11-23 21:33

    An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. UpgradePrepare is the API that checks whether a provided filename identifies a new version of the RLC-410W firmware. If the version is new, it would allegedly be possible to perform the Upgrade later. An attacker can send an HTTP request to trigger this vulnerability. The reolink RLC-410W contains an improper default permissions vulnerability; information may be tampered with and service operation may be interrupted (DoS). The CVSS vectors recorded for this entry (Au:S in v2, PR:L in v3) indicate that an authenticated account with low privileges is required. The Reolink RLC-410W is a Wi-Fi security camera made by the Chinese company Reolink.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0652",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018219"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40413"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2360"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-40413",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-40413",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2022-10724",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-40413",
                "impactScore": 4.2,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-40413",
                "impactScore": 4.2,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-40413",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-40413",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-40413",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-10724",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2360",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018219"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2360"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40413"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40413"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The UpgradePrepare is the API that checks if a provided filename identifies a new version of the RLC-410W firmware. If the version is new, it would be possible, allegedly, to later on perform the Upgrade. An attacker can send an HTTP request to trigger this vulnerability. The reolink RLC-410W contains an improper default permissions vulnerability; information may be tampered with and service operation may be interrupted (DoS). The Reolink RLC-410W is a Wi-Fi security camera made by the Chinese company Reolink.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-40413"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018219"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-10724"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-40413",
            "trust": 3.8
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1425",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018219",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-10724",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012706",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2360",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018219"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2360"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40413"
          }
        ]
      },
      "id": "VAR-202201-0652",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10724"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10724"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:21.667000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          },
          {
            "title": "Patch for Reolink RLC-410W Access Control Error Vulnerability (CNVD-2022-10724)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/319321"
          },
          {
            "title": "Reolink Rlc-410W Fixes for access control error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180350"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018219"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2360"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-284",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-276",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate default permissions (CWE-276) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018219"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40413"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1425"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40413"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012706"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018219"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2360"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40413"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018219"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2360"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40413"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-10724"
          },
          {
            "date": "2023-04-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018219"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2360"
          },
          {
            "date": "2022-01-28T20:15:11.870000",
            "db": "NVD",
            "id": "CVE-2021-40413"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-10724"
          },
          {
            "date": "2023-04-18T05:10:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018219"
          },
          {
            "date": "2022-06-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2360"
          },
          {
            "date": "2024-11-21T06:24:04.970000",
            "db": "NVD",
            "id": "CVE-2021-40413"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2360"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Improper default permissions vulnerability in reolink\u00a0RLC-410W",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018219"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access control error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2360"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0651

    Vulnerability from variot - Updated: 2024-11-23 21:33

    A memory corruption vulnerability exists in the netserver parse_command_list functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability. The reolink RLC-410W contains an input validation vulnerability; information may be tampered with and service operation may be interrupted (DoS). The CVSS vectors recorded for this entry (Au:N in v2, PR:N in v3) indicate that no authentication is required; NVD scores it 8.2 (High) and Talos 9.3 (Critical). The Reolink RLC-410W is a Wi-Fi security camera made by the Chinese company Reolink.

    Reolink RLC-410W has a security vulnerability in version v3.0.0.136_20121102. The vulnerability stems from the product's parse_command_list function not properly validating input data.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0651",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12819"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004586"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21796"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2494"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-21796",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-21796",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-12819",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-21796",
                "impactScore": 4.2,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-21796",
                "impactScore": 4.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.2,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2022-21796",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-21796",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2022-21796",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-21796",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-12819",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2494",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-21796",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12819"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21796"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004586"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2494"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21796"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21796"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A memory corruption vulnerability exists in the netserver parse_command_list functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W contains an input validation vulnerability. Information may be tampered with and service operation may be interrupted (DoS). Reolink RLC-410W is a Wi-Fi security camera from the Chinese company Reolink. \n\r\n\r\nReolink RLC-410W has a security vulnerability in version v3.0.0.136_20121102. The vulnerability stems from the fact that the product's parse_command_list function does not properly validate the input data",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-21796"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004586"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-12819"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21796"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-21796",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1451",
            "trust": 1.7
          },
          {
            "db": "TALOS",
            "id": "TALOS-2022-1451",
            "trust": 1.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004586",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-12819",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012706",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2494",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21796",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12819"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21796"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004586"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2494"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21796"
          }
        ]
      },
      "id": "VAR-202201-0651",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12819"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12819"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:21.638000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          },
          {
            "title": "Patch for Reolink RLC-410W parse_command_list function memory corruption vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/319011"
          },
          {
            "title": "Reolink Rlc-410W Enter the fix for the verification error vulnerability",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=180393"
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-23305 "
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-RCE "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12819"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21796"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004586"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2494"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "Improper input validation (CWE-20) [NVD evaluation]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004586"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21796"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1451"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21796"
          },
          {
            "trust": 1.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1451"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012706"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/alphabugx/cve-2022-23305"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12819"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21796"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004586"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2494"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21796"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12819"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21796"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004586"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2494"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21796"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-12819"
          },
          {
            "date": "2022-01-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-21796"
          },
          {
            "date": "2023-04-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004586"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2494"
          },
          {
            "date": "2022-01-28T20:15:12.463000",
            "db": "NVD",
            "id": "CVE-2022-21796"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-12819"
          },
          {
            "date": "2023-07-24T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-21796"
          },
          {
            "date": "2023-04-20T01:01:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004586"
          },
          {
            "date": "2023-07-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2494"
          },
          {
            "date": "2024-11-21T06:45:27.100000",
            "db": "NVD",
            "id": "CVE-2022-21796"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2494"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input verification vulnerability in reolink\u00a0RLC-410W",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004586"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2494"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0659

    Vulnerability from variot - Updated: 2024-11-23 21:33

    A firmware update vulnerability exists in the "update" firmware checks functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability. reolink RLC-410W contains an improper digital signature verification vulnerability. Information may be tampered with. Reolink RLC-410W is a Wi-Fi security camera from the Chinese company Reolink.

    The Reolink RLC-410W v3.0.0.136_20121102 version has a data forgery vulnerability, which is caused by the network system or product not fully verifying the source or authenticity of the data


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0659",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "rlc-410w v3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12817"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004589"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21134"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2479"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-21134",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-21134",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-12817",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-21134",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "id": "CVE-2022-21134",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2022-21134",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-21134",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2022-21134",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-21134",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-12817",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2479",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-21134",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12817"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21134"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004589"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2479"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21134"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21134"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A firmware update vulnerability exists in the \"update\" firmware checks functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability. reolink RLC-410W contains an improper digital signature verification vulnerability. Information may be tampered with. Reolink RLC-410W is a Wi-Fi security camera from the Chinese company Reolink. \n\r\n\r\nThe Reolink RLC-410W v3.0.0.136_20121102 version has a data forgery vulnerability, which is caused by the network system or product not fully verifying the source or authenticity of the data",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-21134"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004589"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-12817"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21134"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-21134",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1447",
            "trust": 1.7
          },
          {
            "db": "TALOS",
            "id": "TALOS-2022-1447",
            "trust": 1.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004589",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-12817",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012706",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2479",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21134",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12817"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21134"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004589"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2479"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21134"
          }
        ]
      },
      "id": "VAR-202201-0659",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12817"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12817"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:21.607000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          },
          {
            "title": "Patch for Reolink RLC-410W Data Forgery Issue Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/319021"
          },
          {
            "title": "Reolink RLC-410W Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=183813"
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-23305 "
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-RCE "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12817"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21134"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004589"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2479"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-347",
            "trust": 1.0
          },
          {
            "problemtype": "Improper verification of digital signatures (CWE-347) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004589"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21134"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1447"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21134"
          },
          {
            "trust": 1.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1447"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012706"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/347.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/alphabugx/cve-2022-23305"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12817"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21134"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004589"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2479"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21134"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12817"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21134"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004589"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2479"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21134"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-12817"
          },
          {
            "date": "2022-01-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-21134"
          },
          {
            "date": "2023-04-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004589"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2479"
          },
          {
            "date": "2022-01-28T20:15:12.277000",
            "db": "NVD",
            "id": "CVE-2022-21134"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-12817"
          },
          {
            "date": "2022-07-01T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-21134"
          },
          {
            "date": "2023-04-20T01:12:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004589"
          },
          {
            "date": "2022-07-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2479"
          },
          {
            "date": "2024-11-21T06:43:57.940000",
            "db": "NVD",
            "id": "CVE-2022-21134"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2479"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "reolink\u00a0RLC-410W\u00a0 Digital Signature Verification Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004589"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "data forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2479"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0646

    Vulnerability from variot - Updated: 2024-11-23 21:33

    An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of Reolink RLC-410W v3.0.0.136_20121102. Because the Format API has no specific case in cgi_check_ability, the user permission defaults to 7. This allows non-administrative users to format the SD card and reboot the device. The Reolink RLC-410W is a Wi-Fi security camera made by the Chinese company Reolink.

    An access control error vulnerability exists in Reolink RLC-410W v3.0.0.136_20121102; it originates from cgi_check_ability in cgiserver.cgi not properly restricting resource access by unauthorized roles. An attacker could trigger the vulnerability to cause a denial of service by sending an HTTP request. The CVSS v3 vectors in this record list low privileges as required (PR:L), so the request comes from an authenticated, non-administrative account.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0646",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "digital technology rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018217"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40415"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2362"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-40415",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-40415",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2022-08448",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-40415",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-40415",
                "impactScore": 4.2,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2021-40415",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-40415",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-40415",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-40415",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-08448",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2362",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018217"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2362"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40415"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40415"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. In cgi_check_ability the Format API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to format the SD card and reboot the device. Reolink Rlc-410W is a Wifi security camera from China Reolink company. \n\r\n\r\nAn access control error vulnerability exists in Reolink RLC-410W v3.0.0.136_20121102, which originates from cgiserver.cgi cgi_check_ability not properly restricting resource access from unauthorized roles. An attacker could trigger the vulnerability to cause a denial of service by sending an HTTP request",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-40415"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018217"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-08448"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-40415",
            "trust": 3.8
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1425",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018217",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-08448",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012706",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2362",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018217"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2362"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40415"
          }
        ]
      },
      "id": "VAR-202201-0646",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08448"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08448"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:21.553000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          },
          {
            "title": "Patch for Reolink RLC-410W cgi_check_ability Access Control Error Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/317876"
          },
          {
            "title": "Reolink Rlc-410W Fixes for access control error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180351"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018217"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2362"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-284",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-276",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate default permissions (CWE-276) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018217"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40415"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.6,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1425"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40415"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012706"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018217"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2362"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40415"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018217"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2362"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40415"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-08448"
          },
          {
            "date": "2023-04-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018217"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2362"
          },
          {
            "date": "2022-01-28T20:15:11.960000",
            "db": "NVD",
            "id": "CVE-2021-40415"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-08448"
          },
          {
            "date": "2023-04-18T05:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018217"
          },
          {
            "date": "2022-02-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2362"
          },
          {
            "date": "2024-11-21T06:24:05.243000",
            "db": "NVD",
            "id": "CVE-2021-40415"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2362"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "reolink\u00a0RLC-410W\u00a0 Vulnerability regarding improper default permissions in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018217"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access control error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2362"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0645

    Vulnerability from variot - Updated: 2024-11-23 21:33

    A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability; the CVSS v2 vector in this record lists single authentication (Au:S). A vulnerability related to improper shutdown and release of resources exists in the RLC-410W firmware from Reolink Digital Technology, and it may result in service operation interruption (DoS). The Reolink RLC-410W is a Wi-Fi security camera made by the Chinese company Reolink.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0645",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136 20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "rlc-410w",
            "scope": null,
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08447"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019405"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40405"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2357"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-40405",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-40405",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2022-08447",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-40405",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-40405",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2021-40405",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-40405",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-40405",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-40405",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-08447",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2357",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-40405",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08447"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-40405"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019405"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2357"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40405"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40405"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. Reolink Digital Technology of RLC-410w A vulnerability exists in firmware related to improper shutdown and release of resources.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-40405"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019405"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-08447"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-40405"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-40405",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1422",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019405",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-08447",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012706",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2357",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-40405",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08447"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-40405"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019405"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2357"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40405"
          }
        ]
      },
      "id": "VAR-202201-0645",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08447"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08447"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:21.523000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Reolink RLC-410W cgiserver.cgi Upgrade API Denial of Service Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/317871"
          },
          {
            "title": "Reolink RLC-410W Fixes for access control error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=179617"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08447"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2357"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-284",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-404",
            "trust": 1.0
          },
          {
            "problemtype": "Improper shutdown and release of resources (CWE-404) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019405"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40405"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.7,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1422"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40405"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012706"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2021-40405/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/404.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08447"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-40405"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019405"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2357"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40405"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08447"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-40405"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019405"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2357"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40405"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-08447"
          },
          {
            "date": "2022-04-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-40405"
          },
          {
            "date": "2023-07-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-019405"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2357"
          },
          {
            "date": "2022-04-14T20:15:08.937000",
            "db": "NVD",
            "id": "CVE-2021-40405"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-08447"
          },
          {
            "date": "2022-04-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-40405"
          },
          {
            "date": "2023-07-27T08:19:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-019405"
          },
          {
            "date": "2022-04-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2357"
          },
          {
            "date": "2024-11-21T06:24:03.770000",
            "db": "NVD",
            "id": "CVE-2021-40405"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2357"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Reolink\u00a0Digital\u00a0Technology\u00a0 of \u00a0RLC-410w\u00a0 Improper Shutdown and Release of Resources in Firmware Vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019405"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access control error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2357"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0647

    Vulnerability from variot - Updated: 2024-11-23 21:33

    A denial of service vulnerability exists in the cgiserver.cgi session creation functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially crafted HTTP request can prevent users from logging in. An attacker can send an HTTP request to trigger this vulnerability. The Reolink RLC-410W contains a resource exhaustion vulnerability. Service operation may be interrupted (DoS). The Reolink RLC-410W is a Wi-Fi security camera from the Chinese company Reolink.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0647",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "digital technology rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08449"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018225"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40406"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2358"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-40406",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-40406",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-08449",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-40406",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-40406",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-40406",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-40406",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-40406",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-08449",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2358",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-40406",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08449"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-40406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018225"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2358"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40406"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40406"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A denial of service vulnerability exists in the cgiserver.cgi session creation functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to prevent users from logging in. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-40406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018225"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-08449"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-40406"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-40406",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1423",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018225",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-08449",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012706",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2358",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-40406",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08449"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-40406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018225"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2358"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40406"
          }
        ]
      },
      "id": "VAR-202201-0647",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08449"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08449"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:21.493000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          },
          {
            "title": "Patch for Reolink RLC-410W Denial of Service Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/317881"
          },
          {
            "title": "Reolink Rlc-410W Remediation of resource management error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180348"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08449"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018225"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2358"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-400",
            "trust": 1.0
          },
          {
            "problemtype": "Resource exhaustion (CWE-400) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018225"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40406"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.7,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1423"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40406"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012706"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/400.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2021-40406"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08449"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-40406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018225"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2358"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40406"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-08449"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-40406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018225"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2358"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40406"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-01-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-08449"
          },
          {
            "date": "2022-01-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-40406"
          },
          {
            "date": "2023-04-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018225"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2358"
          },
          {
            "date": "2022-01-28T20:15:11.567000",
            "db": "NVD",
            "id": "CVE-2021-40406"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-08449"
          },
          {
            "date": "2022-09-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-40406"
          },
          {
            "date": "2023-04-18T05:44:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018225"
          },
          {
            "date": "2022-02-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2358"
          },
          {
            "date": "2024-11-21T06:24:03.950000",
            "db": "NVD",
            "id": "CVE-2021-40406"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2358"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "reolink\u00a0RLC-410W\u00a0 Resource exhaustion vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018225"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2358"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0806

    Vulnerability from variot - Updated: 2024-11-23 21:33

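    A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The trigger condition is a SetMask param that is not an object. An attacker can send an HTTP request to trigger this vulnerability. The scores recorded for this entry disagree on whether authentication is required: the NVD CVSS 3.1 vector uses PR:L, while the Talos CNA CVSS 3.0 vector uses PR:N. The Reolink RLC-410W is a Wi-Fi security camera made by the Chinese company Reolink.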


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0806",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37389"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44374"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2415"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-44374",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-44374",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2022-37389",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-44374",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-44374",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-44374",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-44374",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-37389",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2415",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37389"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2415"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44374"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44374"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetMask param is not object. An attacker can send an HTTP request to trigger this vulnerability. Reolink Rlc-410W is a Wifi security camera from China Reolink company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-44374"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-37389"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-44374",
            "trust": 2.2
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1421",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-37389",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2415",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37389"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2415"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44374"
          }
        ]
      },
      "id": "VAR-202201-0806",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37389"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37389"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:19.747000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-44374"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1421"
          },
          {
            "trust": 1.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44374"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37389"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2415"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44374"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37389"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2415"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44374"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-37389"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2415"
          },
          {
            "date": "2022-01-28T22:15:12.140000",
            "db": "NVD",
            "id": "CVE-2021-44374"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-37389"
          },
          {
            "date": "2022-10-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2415"
          },
          {
            "date": "2024-11-21T06:30:49.027000",
            "db": "NVD",
            "id": "CVE-2021-44374"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2415"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Reolink Rlc-410W Denial of Service Vulnerability (CNVD-2022-37389)",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37389"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2415"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0820

    Vulnerability from variot - Updated: 2024-11-23 21:33

    A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The trigger condition is a GetMask param that is not an object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W contains an input validation vulnerability; service operation may be interrupted (DoS). The scores recorded for this entry disagree on whether authentication is required: the NVD CVSS 3.1 vector uses PR:L, while the Talos CNA CVSS 3.0 vector uses PR:N. The Reolink RLC-410W is a Wi-Fi security camera made by the Chinese company Reolink.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0820",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10732"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004396"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44395"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2387"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-44395",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-44395",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2022-10732",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-44395",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-44395",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.7,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2021-44395",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-44395",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-44395",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-44395",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-10732",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2387",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10732"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004396"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2387"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44395"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44395"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMask param is not object. An attacker can send an HTTP request to trigger this vulnerability. An input validation vulnerability exists in reolink RLC-410W; it may result in service operation interruption (DoS). Reolink RLC-410W is a Wi-Fi security camera from the Chinese company Reolink.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-44395"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004396"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-10732"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-44395",
            "trust": 3.8
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1421",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004396",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-10732",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2387",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10732"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004396"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2387"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44395"
          }
        ]
      },
      "id": "VAR-202201-0820",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10732"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10732"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:19.720000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004396"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "Improper input validation (CWE-20) [NVD evaluation]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004396"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44395"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1421"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44395"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10732"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004396"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2387"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44395"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10732"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004396"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2387"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44395"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-10732"
          },
          {
            "date": "2023-04-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004396"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2387"
          },
          {
            "date": "2022-01-28T22:15:13.167000",
            "db": "NVD",
            "id": "CVE-2021-44395"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-10732"
          },
          {
            "date": "2023-04-10T08:23:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004396"
          },
          {
            "date": "2022-10-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2387"
          },
          {
            "date": "2024-11-21T06:30:52.250000",
            "db": "NVD",
            "id": "CVE-2021-44395"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2387"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input verification vulnerability in reolink\u00a0RLC-410W",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004396"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2387"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0797

    Vulnerability from variot - Updated: 2024-11-23 21:33

    A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzTattern param is not object. An attacker can send an HTTP request to trigger this vulnerability. An input validation vulnerability exists in reolink RLC-410W; it may result in service operation interruption (DoS). Reolink RLC-410W is a Wi-Fi security camera from the Chinese company Reolink. Note that the CVSS v3 entries in this record disagree on required privileges: the NVD vector uses PR:L (base score 7.7), while the Talos CNA vector uses PR:N (base score 8.6).


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0797",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10730"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004387"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44403"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2378"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-44403",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-44403",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2022-10730",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-44403",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-44403",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.7,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2021-44403",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-44403",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-44403",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-44403",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-10730",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2378",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10730"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004387"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2378"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44403"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44403"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzTattern param is not object. An attacker can send an HTTP request to trigger this vulnerability. An input validation vulnerability exists in reolink RLC-410W; it may result in service operation interruption (DoS). Reolink RLC-410W is a Wi-Fi security camera from the Chinese company Reolink.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-44403"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004387"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-10730"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-44403",
            "trust": 3.8
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1421",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004387",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-10730",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2378",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10730"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004387"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2378"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44403"
          }
        ]
      },
      "id": "VAR-202201-0797",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10730"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10730"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:19.694000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004387"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "Improper input validation (CWE-20) [NVD evaluation]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004387"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44403"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1421"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44403"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10730"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004387"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2378"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44403"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10730"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004387"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2378"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44403"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-10730"
          },
          {
            "date": "2023-04-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004387"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2378"
          },
          {
            "date": "2022-01-28T22:15:13.523000",
            "db": "NVD",
            "id": "CVE-2021-44403"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-10730"
          },
          {
            "date": "2023-04-10T07:22:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004387"
          },
          {
            "date": "2022-10-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2378"
          },
          {
            "date": "2024-11-21T06:30:53.400000",
            "db": "NVD",
            "id": "CVE-2021-44403"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2378"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "reolink\u00a0RLC-410W\u00a0 Input verification vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004387"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2378"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0829

    Vulnerability from variot - Updated: 2024-11-23 21:33

    A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability. The reolink RLC-410W contains an input validation vulnerability that may result in service operation interruption (DoS). The Reolink RLC-410W is a Wi-Fi security camera from the Chinese company Reolink. The CVSS v3 entries in the record below disagree on the privileges required: NVD scores PR:L, while the Talos CNA scores PR:N.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0829",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12648"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004442"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44385"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2395"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-44385",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-44385",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2022-12648",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-44385",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-44385",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.7,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2021-44385",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-44385",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-44385",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-44385",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-12648",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2395",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12648"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004442"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2395"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44385"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44385"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-44385"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004442"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-12648"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-44385",
            "trust": 3.8
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1421",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004442",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-12648",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2395",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12648"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004442"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2395"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44385"
          }
        ]
      },
      "id": "VAR-202201-0829",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12648"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12648"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:19.667000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004442"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004442"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44385"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1421"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44385"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12648"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004442"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2395"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44385"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-12648"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004442"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2395"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44385"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-12648"
          },
          {
            "date": "2023-04-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004442"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2395"
          },
          {
            "date": "2022-01-28T22:15:12.600000",
            "db": "NVD",
            "id": "CVE-2021-44385"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-12648"
          },
          {
            "date": "2023-04-12T01:18:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004442"
          },
          {
            "date": "2022-08-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2395"
          },
          {
            "date": "2024-11-21T06:30:50.660000",
            "db": "NVD",
            "id": "CVE-2021-44385"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2395"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "reolink\u00a0RLC-410W\u00a0 Input verification vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004442"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2395"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0824

    Vulnerability from variot - Updated: 2024-11-23 21:33

    A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability. The reolink RLC-410W contains an input validation vulnerability that may result in service operation interruption (DoS). The Reolink RLC-410W is a Wi-Fi security camera from the Chinese company Reolink. The CVSS v3 entries in the record below disagree on the privileges required: NVD scores PR:L, while the Talos CNA scores PR:N.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0824",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10729"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004507"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44402"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2379"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-44402",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-44402",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2022-10729",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-44402",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-44402",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.7,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2021-44402",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-44402",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-44402",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-44402",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-10729",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2379",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-44402",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10729"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-44402"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004507"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2379"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44402"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44402"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The affected case is a GetPtzSerial command whose param is not an object. An attacker can send an HTTP request to trigger this vulnerability. The reolink RLC-410W contains an input validation vulnerability; service operation may be interrupted (DoS). The Reolink RLC-410W is a Wi-Fi security camera from the Chinese company Reolink.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-44402"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004507"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-10729"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-44402"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-44402",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1421",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004507",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-10729",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2379",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-44402",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10729"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-44402"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004507"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2379"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44402"
          }
        ]
      },
      "id": "VAR-202201-0824",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10729"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10729"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:19.637000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2021-44402 "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-44402"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004507"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "Improper input validation (CWE-20) [NVD evaluation]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004507"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44402"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1421"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44402"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2021-44402"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10729"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-44402"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004507"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2379"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44402"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10729"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-44402"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004507"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2379"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44402"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-10729"
          },
          {
            "date": "2022-01-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-44402"
          },
          {
            "date": "2023-04-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004507"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2379"
          },
          {
            "date": "2022-01-28T22:15:13.483000",
            "db": "NVD",
            "id": "CVE-2021-44402"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-10729"
          },
          {
            "date": "2022-10-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-44402"
          },
          {
            "date": "2023-04-14T07:02:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004507"
          },
          {
            "date": "2022-10-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2379"
          },
          {
            "date": "2024-11-21T06:30:53.260000",
            "db": "NVD",
            "id": "CVE-2021-44402"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2379"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input validation vulnerability in reolink RLC-410W",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004507"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2379"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0844

    Vulnerability from variot - Updated: 2024-11-23 21:33

    Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. The Reolink RLC-410W is a Wi-Fi security camera from the Chinese company Reolink.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0844",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37379"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44375"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2406"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-44375",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-44375",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-37379",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-44375",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-44375",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-44375",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-44375",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-37379",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2406",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-44375",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37379"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-44375"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2406"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44375"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44375"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. The Reolink RLC-410W is a Wi-Fi security camera from the Chinese company Reolink.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-44375"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-37379"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-44375"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-44375",
            "trust": 2.3
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1421",
            "trust": 1.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-37379",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2406",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-44375",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37379"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-44375"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2406"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44375"
          }
        ]
      },
      "id": "VAR-202201-0844",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37379"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37379"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:19.611000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-44375"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1421"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44375"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2021-44375/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37379"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-44375"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2406"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44375"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37379"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-44375"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2406"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44375"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-37379"
          },
          {
            "date": "2022-04-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-44375"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2406"
          },
          {
            "date": "2022-04-14T20:15:09.417000",
            "db": "NVD",
            "id": "CVE-2021-44375"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-37379"
          },
          {
            "date": "2022-04-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-44375"
          },
          {
            "date": "2022-04-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2406"
          },
          {
            "date": "2024-11-21T06:30:49.180000",
            "db": "NVD",
            "id": "CVE-2021-44375"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2406"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Reolink Rlc-410W Denial of Service Vulnerability (CNVD-2022-37379)",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37379"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2406"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0813

    Vulnerability from variot - Updated: 2024-11-23 21:33

    Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. The Reolink RLC-410W is a Wi-Fi security camera from the Chinese company Reolink.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0813",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37380"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44394"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2386"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-44394",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-44394",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-37380",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-44394",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-44394",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-44394",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-44394",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-37380",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2386",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-44394",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37380"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-44394"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2386"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44394"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44394"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. Reolink Rlc-410W is a Wifi security camera from China Reolink company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-44394"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-37380"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-44394"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-44394",
            "trust": 2.3
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1421",
            "trust": 1.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-37380",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2386",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-44394",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37380"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-44394"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2386"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44394"
          }
        ]
      },
      "id": "VAR-202201-0813",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37380"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37380"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:19.585000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-44394"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1421"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44394"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2021-44394/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37380"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-44394"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2386"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44394"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37380"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-44394"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2386"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44394"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-37380"
          },
          {
            "date": "2022-04-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-44394"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2386"
          },
          {
            "date": "2022-04-14T20:15:09.467000",
            "db": "NVD",
            "id": "CVE-2021-44394"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-37380"
          },
          {
            "date": "2022-04-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-44394"
          },
          {
            "date": "2022-04-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2386"
          },
          {
            "date": "2024-11-21T06:30:52.083000",
            "db": "NVD",
            "id": "CVE-2021-44394"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2386"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Reolink Rlc-410W Denial of Service Vulnerability (CNVD-2022-37380)",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-37380"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2386"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0839

    Vulnerability from variot - Updated: 2024-11-23 21:33

    A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The condition is that the UpgradePrepare param is not an object. An attacker can send an HTTP request to trigger this vulnerability. Reolink RLC-410W contains an input validation vulnerability; service operation may be interrupted (DoS). The Reolink RLC-410W is a Wi-Fi security camera made by the Chinese company Reolink.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0839",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "reolink",
            "version": "3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": "rlc-410w  firmware  3.0.0.136_20121102"
          },
          {
            "model": "rlc-410w",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "reolink digital",
            "version": null
          },
          {
            "model": "rlc-410w 3.0.0.136 20121102",
            "scope": null,
            "trust": 0.6,
            "vendor": "reolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004573"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44410"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2372"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-44410",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-44410",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2022-10264",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-44410",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-44410",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.7,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2021-44410",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-44410",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-44410",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-44410",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-10264",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2372",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004573"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2372"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44410"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44410"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. UpgradePrepare param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-44410"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004573"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-10264"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-44410",
            "trust": 3.8
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1421",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004573",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-10264",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2372",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004573"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2372"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44410"
          }
        ]
      },
      "id": "VAR-202201-0839",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10264"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10264"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:33:19.559000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://reolink.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004573"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004573"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44410"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1421"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44410"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004573"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2372"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44410"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-10264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004573"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2372"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-44410"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-10264"
          },
          {
            "date": "2023-04-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004573"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2372"
          },
          {
            "date": "2022-01-28T22:15:13.903000",
            "db": "NVD",
            "id": "CVE-2021-44410"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-10264"
          },
          {
            "date": "2023-04-18T08:49:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004573"
          },
          {
            "date": "2022-10-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2372"
          },
          {
            "date": "2024-11-21T06:30:54.470000",
            "db": "NVD",
            "id": "CVE-2021-44410"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2372"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input verification vulnerability in reolink\u00a0RLC-410W",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004573"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2372"
          }
        ],
        "trust": 0.6
      }
    }