← Voltar para CVEs
CVE-2021-40407
HIGHCISA KEV7.2
Descricao
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->domain variable, that has the value of the domain parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.
Detalhes CVE
Pontuacao CVSS v3.17.2
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosHIGH
Interacao do usuarioNONE
Publicado1/28/2022
Ultima modificacao11/3/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorReolink
ProdutoRLC-410W IP Camera
Nome da vulnerabilidadeReolink RLC-410W IP Camera OS Command Injection Vulnerability
Data inclusao KEV2024-12-18
Prazo de remediacao2025-01-08
Uso em ransomwareUnknown
Produtos afetados
reolink:rlc-410wreolink:rlc-410w_firmware
Fraquezas (CWE)
CWE-78CWE-78
Referencias
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1424(talos-cna@cisco.com)
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1424(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40407(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.