We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2021-40407



Description

An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->domain variable, that has the value of the domain parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.

Reserved 2021-09-01 | Published 2022-01-28 | Updated 2024-12-21 | Assigner talos


CRITICAL: 9.1CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA Known Exploited Vulnerability

Date added 2024-12-18 | Due date 2025-01-08

The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.

Problem types

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

References

talosintelligence.com/vulnerability_reports/TALOS-2021-1424

cve.org (CVE-2021-40407)

nvd.nist.gov (CVE-2021-40407)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2021-40407

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.