CVE-2021-40415
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. In cgi_check_ability the Format API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to format the SD card and reboot the device.
Se presenta una vulnerabilidad de permisos por defecto incorrectos en la funcionalidad cgi_check_ability en el archivo cgiserver.cgi de reolink RLC-410W versión v3.0.0.136_20121102. En cgi_check_ability el Formato API no presenta un caso específico, el permiso del usuario será por defecto el 7. Esto dará a usuarios no administrativos la posibilidad de formatear la tarjeta SD y reiniciar el dispositivo
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-09-01 CVE Reserved
- 2022-01-28 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-276: Incorrect Default Permissions
- CWE-284: Improper Access Control
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2021-1425 | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Reolink Search vendor "Reolink" | Rlc-410w Firmware Search vendor "Reolink" for product "Rlc-410w Firmware" | 3.0.0.136_20121102 Search vendor "Reolink" for product "Rlc-410w Firmware" and version "3.0.0.136_20121102" | - |
Affected
| in | Reolink Search vendor "Reolink" | Rlc-410w Search vendor "Reolink" for product "Rlc-410w" | - | - |
Safe
|