CRITICAL🇵🇱 Wersja polska

CVE-2021-40408

CVSS 9.8v3.1pub. 2022-01-28upd. 2024-11-21

An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->username variable, that has the value of the userName parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Reolink Rlc 410w

    HW
    Reolink
    wszystkie wersje
  • Reolink Rlc 410w Firmware

    OS
    Reolink
    3.0.0.136_20121102
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2022-21217CRITICAL9.8ten sam produkt

An out-of-bounds write vulnerability exists in the device TestEmail functionality of reolink RLC-410W v3.0.0.1...

CVE-2021-40409CRITICAL9.8ten sam produkt

An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W ...

CVE-2021-40407HIGH7.2⚠ KEVten sam produkt

An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W ...

CVE-2019-11001HIGH7.2⚠ KEVten sam produkt

On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin ca...

CVE-2021-44354HIGH7.5ten sam produkt

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reo...