CVE-2021-44395 in RLC-410Winfo

Summary

by MITRE • 01/29/2022

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMask param is not object. An attacker can send an HTTP request to trigger this vulnerability.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 02/02/2022

The CVE-2021-44395 vulnerability represents a critical denial of service condition affecting the Reolink RLC-410W security camera device running firmware version 3.0.0.136_20121102. This vulnerability specifically targets the cgiserver.cgi component which handles JSON command parsing operations within the device's web interface. The flaw manifests when the system processes HTTP requests containing malformed JSON data, particularly around the GetMask parameter handling. The vulnerability stems from insufficient input validation and improper error handling within the JSON parser implementation, creating a scenario where malformed data can cause the device to crash and subsequently reboot. This type of vulnerability falls under CWE-20, which describes improper input validation, and represents a classic example of a buffer overflow or parsing error that can be exploited to disrupt service availability.

The technical exploitation of this vulnerability requires an attacker to craft a specific HTTP request containing malformed JSON data with the GetMask parameter. When the device's cgiserver.cgi component attempts to parse this malformed input, the JSON parser fails to properly handle the unexpected data structure, leading to an uncontrolled system reboot. The vulnerability is particularly concerning because it operates at the application layer and requires minimal privileges to exploit, making it accessible to remote attackers without authentication. The device's response to this malformed input demonstrates a lack of robust error handling mechanisms and input sanitization, which are fundamental security practices that should prevent such conditions from causing system-wide failures. This vulnerability directly maps to ATT&CK technique T1499.004, which covers network denial of service attacks through manipulation of network services.

The operational impact of CVE-2021-44395 extends beyond simple service disruption, as it can potentially be used as a stepping stone for more sophisticated attacks. A malicious actor could repeatedly exploit this vulnerability to maintain persistent denial of service conditions, effectively rendering the security camera non-functional and compromising the surveillance capabilities of the affected system. The automatic reboot behavior creates a cascading effect where legitimate users cannot access the device's functionality, and security monitoring systems may be disrupted during the reboot process. Organizations relying on these devices for security monitoring face significant operational risks, as the vulnerability can be exploited remotely over the network without requiring physical access to the device. The affected firmware version indicates this vulnerability has existed for an extended period, suggesting that many installations may remain unpatched and vulnerable to exploitation. This type of vulnerability represents a critical gap in the device's security architecture and highlights the importance of proper input validation and defensive programming practices. The device's failure to properly validate JSON parameters before processing demonstrates a lack of adherence to secure coding practices that would prevent such conditions from causing system-wide failures and aligns with ATT&CK technique T1210, which covers exploitation of remote services through input manipulation.

Reservation

11/29/2021

Disclosure

01/29/2022

Moderation

accepted

CPE

ready

EPSS

0.01207

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!