CVE-2021-44400 in RLC-410Winfo

Summary

by MITRE • 01/29/2022

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPatrol param is not object. An attacker can send an HTTP request to trigger this vulnerability.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 02/02/2022

The vulnerability identified as CVE-2021-44400 represents a critical denial of service flaw within the Reolink RLC-410W security camera firmware version 3.0.0.136_20121102. This issue resides in the cgiserver.cgi component which processes JSON commands, specifically affecting the GetPtzPatrol parameter handling functionality. The vulnerability stems from inadequate input validation and parsing mechanisms that fail to properly handle malformed JSON structures, creating a pathway for malicious actors to disrupt normal system operations through carefully crafted HTTP requests.

The technical exploitation of this vulnerability occurs when an attacker sends a malformed HTTP request containing a specially crafted GetPtzPatrol parameter that does not conform to expected object structure. This improper parameter handling triggers a system reboot within the camera's firmware, effectively rendering the device unavailable for its intended surveillance purposes. The flaw demonstrates poor error handling and input validation practices where the JSON parser fails to gracefully process unexpected parameter formats, leading to system instability and complete service disruption. This vulnerability aligns with CWE-20, which addresses improper input validation, and specifically relates to CWE-129, improper validation of array indices, as the system fails to validate parameter structures before processing.

The operational impact of CVE-2021-44400 extends beyond simple service interruption to compromise the integrity of security infrastructure. Organizations relying on Reolink RLC-410W cameras for surveillance may experience complete loss of monitoring capabilities when targeted, potentially leaving critical areas vulnerable to unauthorized access or activity. The automated nature of the reboot mechanism means that even a single malicious request can cause extended downtime, particularly in environments where multiple cameras are interconnected and may trigger cascading failures. This vulnerability directly impacts the availability component of the CIA triad and can be classified under MITRE ATT&CK technique T1499.004 for network denial of service attacks, making it particularly concerning for security operations centers that depend on continuous monitoring.

Mitigation strategies for this vulnerability should prioritize immediate firmware updates from Reolink, as the manufacturer likely released patches addressing the JSON parsing flaw. Network segmentation and access controls should be implemented to limit direct exposure of these devices to untrusted networks, reducing attack surface. Organizations should also deploy intrusion detection systems capable of identifying malformed HTTP requests targeting known vulnerable parameters. Additional protective measures include implementing rate limiting on HTTP requests to cameras, monitoring for unusual reboot patterns, and establishing incident response procedures specifically addressing device availability compromises. Regular security assessments of networked devices should include verification of firmware versions and patch status to prevent similar vulnerabilities from persisting in operational environments.

Reservation

11/29/2021

Disclosure

01/29/2022

Moderation

accepted

CPE

ready

EPSS

0.01207

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!