cbcvebase.

Reolink Rlc-410W Firmware vulnerabilities

88 known vulnerabilities affecting reolink/rlc-410w_firmware.

Total CVEs
88
CISA KEV
2
actively exploited
Public exploits
0
Exploited in wild
2
Severity breakdown
CRITICAL3HIGH81MEDIUM4

Vulnerabilities

Page 2 of 5
CVE-2021-40413P3HIGHCVSS 7.1v3.0.0.136_201211022022-01-28
CVE-2021-40413 [HIGH] CWE-284 CVE-2021-40413: An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability function An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The UpgradePrepare is the API that checks if a provided filename identifies a new version of the RLC-410W firmware. If the version is new, it would be possible, allegedly, to later on perform the Upgrade. A
nvd
CVE-2021-40404P3MEDIUMCVSS 6.5v3.0.0.136_201211022022-01-28
CVE-2021-40404 [MEDIUM] CWE-284 CVE-2021-40404: An authentication bypass vulnerability exists in the cgiserver.cgi Login functionality of reolink RL An authentication bypass vulnerability exists in the cgiserver.cgi Login functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2021-44389P3HIGHCVSS 7.7v3.0.0.136_201211022022-01-28
CVE-2021-44389 [HIGH] CWE-20 CVE-2021-44389: A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of r A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAbility param is not object. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2021-44401P3HIGHCVSS 7.7v3.0.0.136_201211022022-01-28
CVE-2021-44401 [HIGH] CWE-20 CVE-2021-44401: A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of r A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. PtzCtrl param is not object. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2021-44409P3HIGHCVSS 7.7v3.0.0.136_201211022022-01-28
CVE-2021-44409 [HIGH] CWE-20 CVE-2021-44409: A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of r A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestWifi param is not object. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2021-44415P3HIGHCVSS 7.7v3.0.0.136_201211022022-01-28
CVE-2021-44415 [HIGH] CWE-20 CVE-2021-44415: A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of r A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. ModifyUser param is not object. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2021-44419P3HIGHCVSS 7.7v3.0.0.136_201211022022-01-28
CVE-2021-44419 [HIGH] CWE-20 CVE-2021-44419: A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of r A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2021-44407P3HIGHCVSS 7.7v3.0.0.136_201211022022-01-28
CVE-2021-44407 [HIGH] CWE-20 CVE-2021-44407: A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of r A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestEmail param is not object. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2021-44402P3HIGHCVSS 7.7v3.0.0.136_201211022022-01-28
CVE-2021-44402 [HIGH] CWE-20 CVE-2021-44402: A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of r A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2021-44391P3HIGHCVSS 7.7v3.0.0.136_201211022022-01-28
CVE-2021-44391 [HIGH] CWE-20 CVE-2021-44391: A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of r A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetEnc param is not object. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2021-44399P3HIGHCVSS 7.7v3.0.0.136_201211022022-01-28
CVE-2021-44399 [HIGH] CWE-20 CVE-2021-44399: A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of r A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPreset param is not object. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2021-44418P3HIGHCVSS 7.7v3.0.0.136_201211022022-01-28
CVE-2021-44418 [HIGH] CWE-20 CVE-2021-44418: A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of r A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdState param is not object. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2021-44393P3HIGHCVSS 7.7v3.0.0.136_201211022022-01-28
CVE-2021-44393 [HIGH] CWE-20 CVE-2021-44393: A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of r A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetIsp param is not object. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2021-44395P3HIGHCVSS 7.7v3.0.0.136_201211022022-01-28
CVE-2021-44395 [HIGH] CWE-20 CVE-2021-44395: A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of r A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMask param is not object. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2021-44390P3HIGHCVSS 7.7v3.0.0.136_201211022022-01-28
CVE-2021-44390 [HIGH] CWE-20 CVE-2021-44390: A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of r A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Format param is not object. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2021-44397P3HIGHCVSS 7.7v3.0.0.136_201211022022-01-28
CVE-2021-44397 [HIGH] CWE-20 CVE-2021-44397: A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of r A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. rtmp=start param is not object. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2021-44403P3HIGHCVSS 7.7v3.0.0.136_201211022022-01-28
CVE-2021-44403 [HIGH] CWE-20 CVE-2021-44403: A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of r A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzTattern param is not object. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2021-44385P3HIGHCVSS 7.7v3.0.0.136_201211022022-01-28
CVE-2021-44385 [HIGH] CWE-20 CVE-2021-44385: A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of r A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2021-44416P3HIGHCVSS 7.7v3.0.0.136_201211022022-01-28
CVE-2021-44416 [HIGH] CWE-20 CVE-2021-44416: A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of r A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Disconnect param is not object. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2021-44408P3HIGHCVSS 7.7v3.0.0.136_201211022022-01-28
CVE-2021-44408 [HIGH] CWE-20 CVE-2021-44408: A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of r A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestFtp param is not object. An attacker can send an HTTP request to trigger this vulnerability.
nvd
Reolink Rlc-410W Firmware vulnerabilities | cvebase