CVE-2021-44359 in RLC-410Winfo

Summary

by MITRE • 01/29/2022

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetCrop param is not object. An attacker can send an HTTP request to trigger this vulnerability.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 02/02/2022

The vulnerability identified as CVE-2021-44359 represents a critical denial of service weakness within the reolink RLC-410W security camera firmware version 3.0.0.136_20121102. This issue manifests in the cgiserver.cgi component's JSON command parser functionality, which serves as a primary interface for device configuration and management operations. The device operates under the assumption that incoming JSON parameters will conform to expected data structures, specifically expecting certain parameters to be objects rather than simple values. When an attacker crafts a malformed HTTP request containing a SetCrop parameter that does not adhere to the expected object format, the parser fails to handle this unexpected input gracefully.

The technical flaw stems from inadequate input validation and error handling within the JSON parsing mechanism of the camera's web server component. According to CWE-20, this vulnerability falls under the category of "Improper Input Validation" where the system fails to properly validate the structure and format of incoming data before processing it. The specific implementation error occurs when the cgiserver.cgi script attempts to parse the SetCrop parameter without proper type checking, leading to a critical execution path that results in system instability. The parser's failure to properly handle malformed JSON input causes the device to crash and subsequently reboot, effectively rendering the security camera inoperative for the duration of the restart process.

The operational impact of this vulnerability extends beyond simple service disruption, as it can be exploited by remote attackers without requiring authentication credentials. This makes it particularly dangerous in environments where security cameras are deployed in critical infrastructure or surveillance systems. The reboot effect creates a denial of service condition that can be repeatedly triggered, potentially leading to persistent availability issues for the camera system. Network administrators may experience intermittent loss of video feeds and monitoring capabilities, which could compromise security operations and create blind spots in surveillance coverage. The vulnerability's exploitation requires only basic HTTP request crafting skills and can be automated, making it accessible to attackers with minimal technical expertise.

Mitigation strategies for CVE-2021-44359 should focus on both immediate defensive measures and long-term firmware updates. Organizations should implement network segmentation to isolate affected devices from critical network segments and apply firewall rules to restrict access to the camera's web interface. The most effective long-term solution involves updating the device firmware to a version that properly validates JSON input parameters and implements robust error handling mechanisms. According to ATT&CK framework category T1499, this vulnerability represents a denial of service attack vector that can be classified under "Endpoint Denial of Service" techniques. Security teams should also consider implementing intrusion detection systems that can identify and block suspicious HTTP request patterns targeting the cgiserver.cgi endpoint, particularly those containing malformed JSON parameters with unexpected data types. Regular vulnerability assessments and network monitoring should be conducted to identify other potentially affected devices within the organization's infrastructure.

Reservation

11/29/2021

Disclosure

01/29/2022

Moderation

accepted

CPE

ready

EPSS

0.01145

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!