← Retour aux CVEs
CVE-2021-40407
HIGHCISA KEV7.2
Description
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->domain variable, that has the value of the domain parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.
Details CVE
Score CVSS v3.17.2
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisHIGH
Interaction utilisateurNONE
Publie1/28/2022
Derniere modification11/3/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurReolink
ProduitRLC-410W IP Camera
Nom vulnerabiliteReolink RLC-410W IP Camera OS Command Injection Vulnerability
Date ajout KEV2024-12-18
Date limite remediation2025-01-08
Utilise dans ransomwareUnknown
Produits affectes
reolink:rlc-410wreolink:rlc-410w_firmware
Faiblesses (CWE)
CWE-78CWE-78
References
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1424(talos-cna@cisco.com)
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1424(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40407(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.