SB2022012706 - Multiple vulnerabilities in Reolink RLC-410W
Published: January 27, 2022 Updated: December 18, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 66 secuirty vulnerabilities.
1) Use of Hard-coded Cryptographic Key (CVE-ID: CVE-2022-21199)
The vulnerability allows a remote attacker to gain access to sensitive information on the system.
The vulnerability exists due to the affected product uses a hard-coded cryptographic TLS key. A remote attacker can perform a man-in-the-middle attack and disclose sensitive information.
2) Active Debug Code (CVE-ID: CVE-2021-40419)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to the firmware update issue in the "factory" binary of reolink. A remote attacker can send a specially crafted request and cause arbitrary firmware update.
3) Input validation error (CVE-ID: CVE-2022-21796)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the netserver parse_command_list functionality. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
4) Resource exhaustion (CVE-ID: CVE-2021-40406)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in the cgiserver.cgi session creation functionality. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
5) Information disclosure (CVE-ID: CVE-2022-21236)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a web server misconfiguration in the reolink. A remote attacker can gain unauthorized access to sensitive information on the system.
6) Improper access control (CVE-ID: CVE-2021-40404)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the cgiserver.cgi Login functionality. A remote attacker can bypass implemented security restrictions.
7) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2022-21134)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a signature management issue in the "update" firmware checks functionality. A remote attacker can send a specially crafted request and update the firmware.
8) OS Command Injection (CVE-ID: CVE-2021-40412)
The vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in "SetDevName - name" in the device network settings functionality. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
9) OS Command Injection (CVE-ID: CVE-2021-40411)
The vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in "SetLocalLink - dns2" in the device network settings functionality. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) OS Command Injection (CVE-ID: CVE-2021-40410)
The vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in "SetLocalLink - dns1" in the device network settings functionality. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
11) OS Command Injection (CVE-ID: CVE-2021-40409)
The vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in "SetDdns - password" in the device network settings functionality. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
12) OS Command Injection (CVE-ID: CVE-2021-40408)
The vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in "SetDdns - userName" in the device network settings functionality. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
13) OS Command Injection (CVE-ID: CVE-2021-40407)
The vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in "SetDdns - domain" in the device network settings functionality. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
14) Improper access control (CVE-ID: CVE-2021-40416)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in "Get APIs" in the cgiserver.cgi cgi_check_ability functionality. A remote authenticated attacker can bypass implemented security restrictions and perform a denial of service (DoS) attack.
15) Improper access control (CVE-ID: CVE-2021-40415)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in "Format" in the cgiserver.cgi cgi_check_ability functionality. A remote authenticated attacker can bypass implemented security restrictions and perform a denial of service (DoS) attack.
16) Improper access control (CVE-ID: CVE-2021-40414)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in "SetMdAlarm" in the cgiserver.cgi cgi_check_ability functionality. A remote authenticated attacker can bypass implemented security restrictions and perform a denial of service (DoS) attack.
17) Improper access control (CVE-ID: CVE-2021-40413)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in "UpgradePrepare" in the cgiserver.cgi cgi_check_ability functionality. A remote authenticated attacker can bypass implemented security restrictions and perform a denial of service (DoS) attack.
18) Improper access control (CVE-ID: CVE-2021-40405)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the cgiserver.cgi Upgrade API functionality. A remote authenticated attacker can bypass implemented security restrictions and perform a denial of service (DoS) attack.
19) Out-of-bounds write (CVE-ID: CVE-2022-21217)
The vulnerability allows a remote user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the device TestEmail functionality. A remote administrator can create a specially crafted HTTP request, trigger out-of-bounds write and execute arbitrary code on the target system.
20) Integer overflow (CVE-ID: CVE-2022-21801)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in the netserver recv_command functionality. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.
21) Input validation error (CVE-ID: CVE-2021-44398)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when rtmp=stop param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
22) Input validation error (CVE-ID: CVE-2021-44397)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when rtmp=start param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
23) Input validation error (CVE-ID: CVE-2021-44396)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when Preview param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
24) Input validation error (CVE-ID: CVE-2021-44395)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when GetMask param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
25) Input validation error (CVE-ID: CVE-2021-44394)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when GetOsd param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
26) Input validation error (CVE-ID: CVE-2021-44393)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when GetIsp param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
27) Input validation error (CVE-ID: CVE-2021-44392)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when GetImage param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
28) Input validation error (CVE-ID: CVE-2021-44391)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when GetEnc param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
29) Input validation error (CVE-ID: CVE-2021-44390)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when Format param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
30) Input validation error (CVE-ID: CVE-2021-44389)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when GetAbility param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
31) Input validation error (CVE-ID: CVE-2021-44388)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when Login param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
32) Input validation error (CVE-ID: CVE-2021-44387)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetPtzPreset param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
33) Input validation error (CVE-ID: CVE-2021-44386)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetPtzPatrol param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
34) Input validation error (CVE-ID: CVE-2021-44385)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetPtzSerial param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
35) Input validation error (CVE-ID: CVE-2021-44384)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetPtzTattern param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
36) Input validation error (CVE-ID: CVE-2021-44383)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetAutoUpgrade param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
37) Input validation error (CVE-ID: CVE-2021-44382)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetIrLights param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
38) Input validation error (CVE-ID: CVE-2021-44381)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetPowerLed param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
39) Input validation error (CVE-ID: CVE-2021-44380)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetTime param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
40) Input validation error (CVE-ID: CVE-2021-44379)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetAutoMaint param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
41) Input validation error (CVE-ID: CVE-2021-44378)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetEnc param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
42) Input validation error (CVE-ID: CVE-2021-44377)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetImage param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
43) Input validation error (CVE-ID: CVE-2021-44376)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetIsp param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
44) Input validation error (CVE-ID: CVE-2021-44375)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetOsd param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
45) Input validation error (CVE-ID: CVE-2021-44374)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetMask param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
46) Input validation error (CVE-ID: CVE-2021-44373)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetAutoFocus param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
47) Input validation error (CVE-ID: CVE-2021-44372)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetLocalLink param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
48) Input validation error (CVE-ID: CVE-2021-44371)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetEmail param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
49) Input validation error (CVE-ID: CVE-2021-44370)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetFtp param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
50) Input validation error (CVE-ID: CVE-2021-44369)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetNtp param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
51) Input validation error (CVE-ID: CVE-2021-44368)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetNetPort param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
52) Input validation error (CVE-ID: CVE-2021-44367)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetUpnp param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
53) Input validation error (CVE-ID: CVE-2021-44366)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetP2p param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
54) Input validation error (CVE-ID: CVE-2021-44365)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetDevName param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
55) Input validation error (CVE-ID: CVE-2021-44364)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetWifi param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
56) Input validation error (CVE-ID: CVE-2021-44363)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetPush param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
57) Input validation error (CVE-ID: CVE-2021-44362)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetCloudSchedule param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
58) Input validation error (CVE-ID: CVE-2021-44361)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when Set3G param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
59) Input validation error (CVE-ID: CVE-2021-44359)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetCrop param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
60) Input validation error (CVE-ID: CVE-2021-44360)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetNorm param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
61) Input validation error (CVE-ID: CVE-2021-44358)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetRec param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
62) Input validation error (CVE-ID: CVE-2021-44357)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetAlarm param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
63) Input validation error (CVE-ID: CVE-2021-44356)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetAudioAlarm param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
64) Input validation error (CVE-ID: CVE-2021-44355)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when SetMdAlarm param is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
65) Input validation error (CVE-ID: CVE-2021-44354)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi JSON command parser functionality when JSON command is not object. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
66) Input validation error (CVE-ID: CVE-2021-40423)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cgiserver.cgi API command parser functionality. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1448
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1428
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1451
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1423
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1446
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1420
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1447
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1424
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1425
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1422
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1445
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1450
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1421
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1432