We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->domain variable, that has the value of the domain parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.
Reserved 2021-09-01 | Published 2022-01-28 | Updated 2024-12-21 | Assigner talosDate added 2024-12-18 | Due date 2025-01-08
The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
talosintelligence.com/vulnerability_reports/TALOS-2021-1424
Support options