CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-11001

On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.498

EPSS Ranking 97.7%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 9.0

Proposed Action

Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras contain an authenticated OS command injection vulnerability. This vulnerability allows an authenticated admin to use the "TestEmail" functionality to inject and run OS commands as root.

Ransomware Campaign

Unknown

References

Products affected by CVE-2019-11001

Reolink » C1 Pro » Version: N/A

cpe:2.3:h:reolink:c1_pro:-
Reolink » C2 Pro » Version: N/A

cpe:2.3:h:reolink:c2_pro:-
Reolink » Rlc-410w » Version: N/A

cpe:2.3:h:reolink:rlc-410w:-
Reolink » Rlc-422w » Version: N/A

cpe:2.3:h:reolink:rlc-422w:-
Reolink » Rlc-511w » Version: N/A

cpe:2.3:h:reolink:rlc-511w:-
Reolink » C1 Pro Firmware » Version: N/A

cpe:2.3:o:reolink:c1_pro_firmware:-
Reolink » C1 Pro Firmware » Version: 1.0.227

cpe:2.3:o:reolink:c1_pro_firmware:1.0.227
Reolink » C2 Pro Firmware » Version: N/A

cpe:2.3:o:reolink:c2_pro_firmware:-
Reolink » C2 Pro Firmware » Version: 1.0.227

cpe:2.3:o:reolink:c2_pro_firmware:1.0.227
Reolink » Rlc-410w Firmware » Version: N/A

cpe:2.3:o:reolink:rlc-410w_firmware:-
Reolink » Rlc-410w Firmware » Version: 1.0.227

cpe:2.3:o:reolink:rlc-410w_firmware:1.0.227
Reolink » Rlc-422w Firmware » Version: N/A

cpe:2.3:o:reolink:rlc-422w_firmware:-
Reolink » Rlc-422w Firmware » Version: 1.0.227

cpe:2.3:o:reolink:rlc-422w_firmware:1.0.227
Reolink » Rlc-511w Firmware » Version: N/A

cpe:2.3:o:reolink:rlc-511w_firmware:-
Reolink » Rlc-511w Firmware » Version: 1.0.227

cpe:2.3:o:reolink:rlc-511w_firmware:1.0.227

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-11001

Products

Pricing

Contact Us