CVE-2021-44400 HIGH

CVE-2021-44400

Vendor N/A

Product n/a

Weakness CWE-20 · Input validation

Published January 28, 2022

Last update April 15, 2025

View on NVD All CVEs

CVSS base score

8.6/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

What the vulnerability does

01Description

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPatrol param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Key dates

02Disclosure timeline

January 28, 2022 CVE published

April 15, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-44400

Related vulnerabilities

04Related CVE

CVE-2019-1720 Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability CVE-2020-3205 Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability CVE-2018-15412 Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities CVE-2022-45088 Local File Inclusion in Smartpower Web CVE-2026-28797 RAGFlow: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Agent "Text Processing" Component