ID
VAR-201806-1895
TITLE
Reolink Camera Remote Command Execution Vulnerability
Trust: 0.6
DESCRIPTION
Shenzhen Ruilian Digital Technology Co., Ltd. is committed to developing leading Internet video products and video content services, providing cameras for security, sports, entertainment, nursing and other subdivision applications for the consumer market, and providing live broadcast, video sharing and Content services such as video cloud storage. Its Reolink brand enjoys high visibility and market share in video products in Europe and the United States. There is a remote command execution vulnerability in the Reolink camera. This vulnerability is caused by a command injection in a form in the advanced web settings function of the web management system of the camera. At the same time, some cameras in the network space use the default password, and the attacker can use the vulnerability to remotely execute arbitrary. command.
Trust: 0.6
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | reolink | model: | rlc-423 1288 18020711 | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
PATCH
| title: | Reolink camera remote command execution vulnerability patch | url: | https://www.cnvd.org.cn/patchinfo/show/131493 | Trust: 0.6 |
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2018-11079 | Trust: 0.6 |
REFERENCES
| url: | https://github.com/mcw0/poc/blob/master/reolink-ipc-rce.py | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2018-11079 |
LAST UPDATE DATE
2022-05-04T09:47:13.083000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2018-11079 | date: | 2018-06-08T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2018-11079 | date: | 2018-06-07T00:00:00 |