CVE-2021-44390 in RLC-410Winfo

Summary

by MITRE • 01/29/2022

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Format param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 02/02/2022

The vulnerability identified as CVE-2021-44390 represents a critical denial of service condition within the cgiserver.cgi component of Reolink RLC-410W security cameras running firmware version v3.0.0.136_20121102. This issue resides in the JSON command parser functionality that processes HTTP requests containing configuration parameters for the device's web interface. The flaw manifests when the system receives a malformed HTTP request where the format parameter fails to conform to expected object structure, causing the device to enter an unstable state that ultimately results in automatic reboot. This vulnerability directly impacts the availability of the security camera system, potentially leaving surveillance coverage gaps during critical periods.

The technical implementation of this vulnerability stems from inadequate input validation within the JSON parser component of the web server daemon. When the cgiserver.cgi script processes incoming HTTP requests, it expects the format parameter to be a properly structured JSON object containing specific fields and data types. However, the parser lacks proper validation mechanisms to verify that the format parameter conforms to the expected object structure before attempting to process its contents. This parsing error triggers an unhandled exception that causes the web server process to crash and subsequently restarts the entire device. The vulnerability operates at the application layer and requires no authentication or privileged access to exploit, making it particularly dangerous for networked security devices.

From an operational perspective, this vulnerability poses significant risks to security infrastructure deployments where continuous monitoring is essential. The automatic reboot caused by this vulnerability can occur at any time without warning, potentially during security incidents or critical surveillance periods when the device is needed most. The impact extends beyond simple service disruption to create potential gaps in security coverage that attackers could exploit. Network administrators face challenges in maintaining consistent surveillance coverage while also managing the risk of unexpected device reboots. This vulnerability aligns with CWE-20: Improper Input Validation and follows ATT&CK technique T1499.004: Endpoint Denial of Service to achieve persistent disruption of security monitoring capabilities.

Mitigation strategies for CVE-2021-44390 should prioritize immediate firmware updates from Reolink to address the underlying parsing logic flaws. Organizations should implement network segmentation to isolate security cameras from critical systems and establish monitoring protocols to detect unexpected device reboots. Network administrators should consider implementing intrusion detection systems that can identify malformed HTTP requests targeting the specific cgiserver.cgi endpoint. Additionally, regular vulnerability assessments of networked security devices should be conducted to identify similar parsing vulnerabilities in other firmware components. The recommended approach includes disabling unnecessary web management interfaces when possible, implementing access control lists to restrict HTTP request sources, and maintaining detailed logs of device reboots for security incident analysis. Until firmware updates are deployed, organizations should consider network-level filtering to prevent unauthorized access to the affected device management interfaces.

Reservation

11/29/2021

Disclosure

01/29/2022

Moderation

accepted

CPE

ready

EPSS

0.01207

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!