CVE-2021-44409 in RLC-410Winfo

Summary

by MITRE • 01/29/2022

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestWifi param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 02/02/2022

This vulnerability resides in the cgiserver.cgi component of reolink RLC-410W security camera firmware version 3.0.0.136_20121102, representing a denial of service condition that can be exploited through improper input validation in the JSON command parser. The flaw manifests when the system processes HTTP requests containing the TestWifi parameter, which is expected to be a structured object but is instead being treated as a scalar value. This misinterpretation of data type creates a parsing inconsistency that ultimately results in system instability and forced device reboot. The vulnerability falls under CWE-20, representing improper input validation, and specifically demonstrates weaknesses in data parsing and parameter handling within web server components.

The technical exploitation of this vulnerability occurs through crafted HTTP requests that manipulate the TestWifi parameter in ways that cause the JSON parser to fail during processing. When the system attempts to parse a malformed JSON structure where TestWifi is not properly formatted as an object, the parsing routine encounters unexpected data types that trigger an unhandled exception. This exception propagates through the system's error handling mechanisms and ultimately leads to a system crash or reboot, effectively denying legitimate users access to the device functionality. The attack vector is particularly concerning as it requires no authentication and can be executed remotely through standard HTTP protocols, making it accessible to any attacker with network connectivity to the device.

The operational impact of this vulnerability extends beyond simple service disruption to potentially compromise device availability and integrity within security infrastructure deployments. Security cameras like the RLC-410W serve critical monitoring functions in both residential and commercial environments, where continuous operation is essential for security purposes. A successful exploitation could result in extended periods of monitoring gaps, creating security vulnerabilities for the protected premises. The device reboot also has implications for logging capabilities and system state persistence, potentially causing loss of recent security events or configuration data. From an attacker perspective, this vulnerability aligns with ATT&CK technique T1499.004 for network denial of service, and represents a low-effort, high-impact method for disrupting security operations.

Mitigation strategies for this vulnerability should focus on both immediate remediation and long-term architectural improvements. The primary solution involves updating the device firmware to a version that properly validates JSON parameter types and implements robust error handling for malformed input. Network administrators should also implement access controls and network segmentation to limit exposure of these devices to untrusted networks. Additional protective measures include monitoring for unusual reboot patterns, implementing network-based intrusion detection systems that can identify malformed HTTP requests targeting this specific vulnerability, and establishing regular firmware update policies for all network-connected security devices. The vulnerability demonstrates the importance of input validation in web server components and highlights the need for proper error handling in embedded systems that process user-supplied data.

Reservation

11/29/2021

Disclosure

01/29/2022

Moderation

accepted

CPE

ready

EPSS

0.01207

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!