CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-40416

An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. All the Get APIs that are not included in cgi_check_ability are already executable by any logged-in users. An attacker can send an HTTP request to trigger this vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.7%

CVSS Severity

CVSS v3 Score 7.1

CVSS v2 Score 6.5

References

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1425
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1425

Products affected by CVE-2021-40416

Reolink » Rlc-410w » Version: N/A

cpe:2.3:h:reolink:rlc-410w:-
Reolink » Rlc-410w Firmware » Version: 3.0.0.136_20121102

cpe:2.3:o:reolink:rlc-410w_firmware:3.0.0.136_20121102

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-40416

Products

Pricing

Contact Us