Vulnerabilities (CVE)

Filtered by vendor Reolink Subscribe
Filtered by product Rlc-410w Firmware
Total 88 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-40410 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2024-11-21 6.5 MEDIUM 7.2 HIGH
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [4] the dns_data->dns1 variable, that has the value of the dns1 parameter provided through the SetLocal API, is not validated properly. This would lead to an OS command injection.
CVE-2021-40409 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->password variable, that has the value of the password parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection.
CVE-2021-40408 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->username variable, that has the value of the userName parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection.
CVE-2021-40407 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->domain variable, that has the value of the domain parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-40406 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2024-11-21 7.8 HIGH 7.5 HIGH
A denial of service vulnerability exists in the cgiserver.cgi session creation functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to prevent users from logging in. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-40405 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2024-11-21 6.8 MEDIUM 6.5 MEDIUM
A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-40404 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2024-11-21 6.4 MEDIUM 6.5 MEDIUM
An authentication bypass vulnerability exists in the cgiserver.cgi Login functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2019-11001 1 Reolink 10 C1 Pro, C1 Pro Firmware, C2 Pro and 7 more 2024-11-21 9.0 HIGH 7.2 HIGH
On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field.