CVE-2021-40423 HIGH

CVE-2021-40423

Vendor N/A

Product n/a

Weakness CWE-20 · Input validation

Published January 28, 2022

Last update April 15, 2025

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of HTTP requests can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

Key dates

02Disclosure timeline

January 28, 2022 CVE published

April 15, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-40423

Related vulnerabilities

04Related CVE

CVE-2025-6709 Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication CVE-2021-36035 Magento Commerce Stock Media Improper Input Validation Could Lead To Remote Code Execution CVE-2023-30448 IBM Db2 denial of service CVE-2025-23041 Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length in Umbraco.Forms CVE-2023-28981 Junos OS and Junos OS Evolved: If malformed IPv6 router advertisements are received, memory corruption will occur which causes an rpd crash