Shodan
Vulnerabilities
Vulnerable Software
Reolink:  Security Vulnerabilities
CVE-2021-40413
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The UpgradePrepare is the API that checks if a provided filename identifies a new version of the RLC-410W firmware. If the version is new, it would be possible, allegedly, to later on perform the Upgrade. An attacker can send an HTTP request to trigger this vulnerability.
CVSS Score
7.1
EPSS Score
0.002
Published
2022-01-28
CVE-2021-40414
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The SetMdAlarm API sets the movement detection parameters, giving the ability to set the sensitivity of the camera per a range of hours, and which of the camera spaces to ignore when considering movement detection. Because in cgi_check_ability the SetMdAlarm API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to change the movement detection parameters.
CVSS Score
7.1
EPSS Score
0.002
Published
2022-01-28
CVE-2021-40415
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. In cgi_check_ability the Format API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to format the SD card and reboot the device.
CVSS Score
7.1
EPSS Score
0.002
Published
2022-01-28
CVE-2020-25169
The affected Reolink P2P products do not sufficiently protect data transferred between the local device and Reolink servers. This can allow an attacker to access sensitive information, such as camera feeds.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-01-26
CVE-2020-25173
An attacker with local network access can obtain a fixed cryptography key which may allow for further compromise of Reolink P2P cameras outside of local network access
CVSS Score
7.8
EPSS Score
0.0
Published
2021-01-26
CVE-2019-11001
Known exploited
On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field.
CVSS Score
7.2
EPSS Score
0.506
Published
2019-04-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved