CVE-2021-40415 HIGH

CVE-2021-40415

Vendor N/A

Product n/a

Weakness CWE-284

Published January 28, 2022

Last update April 15, 2025

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

What the vulnerability does

01Description

An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. In cgi_check_ability the Format API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to format the SD card and reboot the device.

Key dates

02Disclosure timeline

January 28, 2022 CVE published

April 15, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-40415

Related vulnerabilities

04Related CVE

CVE-2020-25160 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus CVE-2024-1092 RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.4.1 - Missing Authorization CVE-2022-23981 WordPress Perfect Brands for WooCommerce plugin <= 2.0.4 - Set Featured Brand vulnerability CVE-2025-23242 CVE-2024-29837 Poor session management in Evolution Controller allows administrator functionality for unauthenticated connections