Reolink RLC-410W command execution | CVE-2021-40409
NAME
Reolink RLC-410W command execution
- Platforms Affected:
Reolink RLC-410W 3.0.0.136_20121102 - Risk Level:
9.1 - Exploitability:
Proof of Concept - Consequences:
Gain Access
DESCRIPTION
Reolink RLC-410W could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an OS command injection vulnerability in the device network settings functionality. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS 3.0 Information
- Privileges Required: High
- User Interaction: None
- Scope: Changed
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Upgrade to the latest version of Reolink RLC-410W firmware (3.0.0.136_20210315 or later), available from the Reolink Web site. See References.
- Reference Link:
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1424 - Reference Link:
https://reolink.com/us/product/rlc-410w/
If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.