Vulnerability Details CVE-2021-40407
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->domain variable, that has the value of the domain parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.473
EPSS Ranking 97.6%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 7.5
Proposed Action
Reolink RLC-410W IP cameras contain an authenticated OS command injection vulnerability in the device network settings functionality.
Ransomware Campaign
Unknown
References
Products affected by CVE-2021-40407
-
cpe:2.3:h:reolink:rlc-410w:-
-
cpe:2.3:o:reolink:rlc-410w_firmware:3.0.0.136_20121102