CVE-2021-40419 - A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.136_201211

CVE-2021-40419

Summary

A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1428

Vulnerable Configurations

cpe:2.3:o:reolink:rlc-410w_firmware:3.0.0.136_20121102:*:*:*:*:*:*:*
cpe:2.3:o:reolink:rlc-410w_firmware:3.0.0.136_20121102:*:*:*:*:*:*:*
cpe:2.3:h:reolink:rlc-410w:-:*:*:*:*:*:*:*
cpe:2.3:h:reolink:rlc-410w:-:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 30-09-2022 - 02:38)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

Last major update

30-09-2022 - 02:38

Published

28-01-2022 - 20:15

Last modified

30-09-2022 - 02:38