CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-40412
https://notcve.org/view.php?id=CVE-2021-40412
28 Jan 2022 — An OScommand injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [8] the devname variable, that has the value of the name parameter provided through the SetDevName API, is not validated properly. This would lead to an OS command injection. Se presenta una vulnerabilidad de inyección de comandos del Sistema Operativo en la funcionalidad device network settings del dispositivo de reolink RLC-410W versión v3.0.0.136_20121102. En [8] la variabl... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1424 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-40410
https://notcve.org/view.php?id=CVE-2021-40410
28 Jan 2022 — An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [4] the dns_data->dns1 variable, that has the value of the dns1 parameter provided through the SetLocal API, is not validated properly. This would lead to an OS command injection. Se presenta una vulnerabilidad de inyección de comandos del Sistema Operativo en la funcionalidad device network settings del dispositivo reolink RLC-410W versión v3.0.0.136_20121102. En [4] la vari... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1424 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-40411
https://notcve.org/view.php?id=CVE-2021-40411
28 Jan 2022 — An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [6] the dns_data->dns2 variable, that has the value of the dns2 parameter provided through the SetLocalLink API, is not validated properly. This would lead to an OS command injection. Se presenta una vulnerabilidad de inyección de comandos del Sistema Operativo en la funcionalidad device network settings del dispositivo reolink RLC-410W versión v3.0.0.136_20121102. En [6] la ... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1424 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 8%CPEs: 2EXPL: 1CVE-2021-40409
https://notcve.org/view.php?id=CVE-2021-40409
28 Jan 2022 — An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->password variable, that has the value of the password parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. Se presenta una vulnerabilidad de inyección de comandos del Sistema Operativo en la funcionalidad device network settings del dispositivo reolink RLC-410W versión v3.0... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1424 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 9%CPEs: 2EXPL: 1CVE-2021-40407 – Reolink RLC-410W IP Camera OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-40407
28 Jan 2022 — An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->domain variable, that has the value of the domain parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. Se presenta una vulnerabilidad de inyección de comandos del Sistema Operativo en la funcionalidad devic... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1424 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 8%CPEs: 2EXPL: 1CVE-2021-40408
https://notcve.org/view.php?id=CVE-2021-40408
28 Jan 2022 — An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->username variable, that has the value of the userName parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. Se presenta una vulnerabilidad de inyección de comandos del Sistema Operativo en la funcionalidad device network settings del dispositivo reolink RLC-410W versión v3.0... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1424 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-40416
https://notcve.org/view.php?id=CVE-2021-40416
28 Jan 2022 — An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. All the Get APIs that are not included in cgi_check_ability are already executable by any logged-in users. An attacker can send an HTTP request to trigger this vulnerability. Se presenta una vulnerabilidad de permisos por defecto incorrectos en la funcionalidad cgi_check_ability en el archivo cgiserver.cgi de reolink RLC-410W versión v3.0.0.136_20121102. Todas la... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1425 • CWE-276: Incorrect Default Permissions CWE-284: Improper Access Control •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-40415
https://notcve.org/view.php?id=CVE-2021-40415
28 Jan 2022 — An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. In cgi_check_ability the Format API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to format the SD card and reboot the device. Se presenta una vulnerabilidad de permisos por defecto incorrectos en la funcionalidad cgi_check_ability en el archivo cgiserver.cgi de reolink RLC-410W versi... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1425 • CWE-276: Incorrect Default Permissions CWE-284: Improper Access Control •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-40414
https://notcve.org/view.php?id=CVE-2021-40414
28 Jan 2022 — An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The SetMdAlarm API sets the movement detection parameters, giving the ability to set the sensitivity of the camera per a range of hours, and which of the camera spaces to ignore when considering movement detection. Because in cgi_check_ability the SetMdAlarm API does not have a specific case, the user permission will default to 7. This will give non-administrativ... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1425 • CWE-276: Incorrect Default Permissions CWE-284: Improper Access Control •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-40413
https://notcve.org/view.php?id=CVE-2021-40413
28 Jan 2022 — An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The UpgradePrepare is the API that checks if a provided filename identifies a new version of the RLC-410W firmware. If the version is new, it would be possible, allegedly, to later on perform the Upgrade. An attacker can send an HTTP request to trigger this vulnerability. Se presenta una vulnerabilidad de permiso incorrecto por defecto en la funcionalidad cgi_che... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1425 • CWE-276: Incorrect Default Permissions CWE-284: Improper Access Control •