CVE-2021-44365 : What You Need to Know

Learn about CVE-2021-44365, a high-risk denial of service vulnerability in Reolink RLC-410W v3.0.0.136_20121102. Discover its impact, affected systems, exploitation mechanism, and mitigation steps.

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102, allowing attackers to trigger a reboot via specially-crafted HTTP requests.

Understanding CVE-2021-44365

What is CVE-2021-44365?

CVE-2021-44365 is a denial of service vulnerability in a specific version of the Reolink RLC-410W, where a malicious HTTP request can cause the device to reboot.

The Impact of CVE-2021-44365

This vulnerability has a CVSS base score of 8.6 (High) and a HIGH impact on availability. Attackers can exploit it remotely with no privileges required, resulting in a denial of service.

Technical Details of CVE-2021-44365

Vulnerability Description

The issue lies in the cgiserver.cgi JSON command parser of the affected Reolink version. An attacker can exploit this by sending a crafted HTTP request.

Affected Systems and Versions

        Vendor: Reolink
        Product: RLC-410W
        Version: v3.0.0.136_20121102 (specifically affected)

Exploitation Mechanism

        Attack Complexity: Low
        Attack Vector: Network
        Privileges Required: None
        User Interaction: None
        Scope: Changed
        CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Mitigation and Prevention

Immediate Steps to Take

        Disable external access to the affected device if not required
        Monitor network traffic for any suspicious activity
        Apply vendor patches or updates promptly

Long-Term Security Practices

        Regularly update and patch all software and firmware
        Implement network segmentation to minimize the attack surface

Patching and Updates

Apply the latest security patches released by Reolink for the RLC-410W camera.
