ID
VAR-201901-1690
TITLE
Reolink camera has multiple vulnerabilities
Trust: 0.6
DESCRIPTION
Shenzhen Ruilian Digital Technology Co., Ltd. is committed to developing leading Internet video products and video content services, providing cameras for security, sports, entertainment, nursing and other subdivision applications for the consumer market, and providing live broadcast, video sharing and Content services such as video cloud storage. The Reolink camera has a remote command execution vulnerability and two unauthorized stack overflow vulnerabilities. An attacker could use a remote command execution vulnerability in conjunction with the default credentials admin: empty or weak passwords to bypass the authentication limit and remotely take over the camera.
Trust: 0.6
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | reolink | model: | rlc-423 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | reolink | model: | rlc 410 | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2019-01876 | Trust: 0.6 |
REFERENCES
| url: | https://github.com/mcw0/poc/blob/master/reolink-ipc-rce.py | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2019-01876 |
LAST UPDATE DATE
2022-05-04T09:50:54.069000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2019-01876 | date: | 2019-01-17T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2019-01876 | date: | 2019-01-17T00:00:00 |