CVE-2021-44404 in RLC-410Winfo

Summary

by MITRE • 01/29/2022

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetZoomFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 02/02/2022

This vulnerability resides in the cgiserver.cgi component of reolink RLC-410W firmware version 3.0.0.136_20121102, specifically within the JSON command parser functionality that handles HTTP requests. The flaw manifests when processing the GetZoomFocus parameter, where the system fails to properly validate or handle malformed JSON input. This represents a classic input validation issue that falls under CWE-20, specifically related to improper input validation. The vulnerability allows an unauthenticated remote attacker to craft a malicious HTTP request that triggers a system reboot, effectively creating a denial of service condition that disrupts the camera's operational availability.

The technical implementation of this vulnerability stems from inadequate parsing of the JSON command structure within the cgi server component. When the system receives an HTTP request containing a GetZoomFocus parameter that does not conform to the expected object structure, the parser fails to gracefully handle this malformed input. This improper handling leads to a system crash or unexpected behavior that ultimately results in device reboot. The vulnerability is particularly concerning because it can be exploited remotely without requiring authentication, making it accessible to any attacker with network access to the device.

From an operational perspective, this vulnerability presents significant security implications for surveillance deployments using affected reolink devices. The denial of service condition can be easily triggered by sending a single malformed HTTP request, potentially causing continuous disruption to security monitoring operations. Organizations relying on these cameras for critical security functions may experience unauthorized service disruption, creating potential gaps in surveillance coverage. The vulnerability also demonstrates poor input sanitization practices that could be indicative of broader security weaknesses within the device's software architecture. This type of vulnerability aligns with ATT&CK technique T1499.004, which covers network denial of service attacks targeting network infrastructure.

Mitigation strategies should include immediate firmware updates from reolink to address the parsing flaw and implement network segmentation to limit access to affected devices. Network administrators should consider implementing intrusion detection systems that can identify and block malformed HTTP requests targeting the cgiserver.cgi component. Additionally, the device should be configured to restrict HTTP access to authorized network segments only, and regular security assessments should be conducted to identify similar input validation vulnerabilities. The vulnerability also highlights the importance of proper input validation and error handling in embedded systems, particularly those handling network communications in security-critical applications.

Reservation

11/29/2021

Disclosure

01/29/2022

Moderation

accepted

CPE

ready

EPSS

0.01207

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!