Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Reolink Subscribe
Total 92 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-44400 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2022-10-25 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPatrol param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44397 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2022-10-25 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. rtmp=start param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44404 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2022-10-25 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetZoomFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44407 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2022-10-25 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestEmail param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44409 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2022-10-25 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestWifi param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44406 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2022-10-25 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAutoFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44408 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2022-10-25 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestFtp param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44415 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2022-10-25 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. ModifyUser param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44410 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2022-10-25 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. UpgradePrepare param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44411 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2022-10-25 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Search param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44414 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2022-10-25 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. DelUser param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44412 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2022-10-25 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetRec param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44413 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2022-10-25 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. AddUser param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44416 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2022-10-25 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Disconnect param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44417 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2022-10-25 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44419 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2022-10-25 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-40416 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2022-10-19 6.5 MEDIUM 8.8 HIGH
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. All the Get APIs that are not included in cgi_check_ability are already executable by any logged-in users. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44418 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2022-10-07 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdState param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-44396 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2022-10-07 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Preview param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-40415 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2022-10-05 6.8 MEDIUM 6.5 MEDIUM
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. In cgi_check_ability the Format API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to format the SD card and reboot the device.