VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202201-0803 CVE-2021-44396 reolink RLC-410W  Input verification vulnerability in CVSS V2: 6.8
CVSS V3: 7.7
Severity: HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Preview param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company
VAR-202201-0786 CVE-2021-44391 reolink RLC-410W  Input verification vulnerability in CVSS V2: 6.8
CVSS V3: 7.7
Severity: HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetEnc param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company
VAR-202201-0784 CVE-2021-44412 reolink RLC-410W  Input verification vulnerability in CVSS V2: 6.8
CVSS V3: 7.7
Severity: HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetRec param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company
VAR-202201-0660 CVE-2021-40410 reolink RLC-410W  In  OS  Command injection vulnerability CVSS V2: 6.5
CVSS V3: 7.2
Severity: HIGH
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [4] the dns_data->dns1 variable, that has the value of the dns1 parameter provided through the SetLocal API, is not validated properly. This would lead to an OS command injection. (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company. An attacker could exploit this vulnerability to cause command execution by sending a specially crafted HTTP request
VAR-202201-0831 CVE-2021-44358 reolink RLC-410W  Input verification vulnerability in CVSS V2: 6.8
CVSS V3: 7.7
Severity: HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetRec param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company. The Reolink RLC-410W has security flaws, which can be exploited by attackers to cause denial of service
VAR-202201-0657 CVE-2021-40412 reolink RLC-410W  In  OS  Command injection vulnerability CVSS V2: 6.5
CVSS V3: 7.2
Severity: HIGH
An OScommand injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [8] the devname variable, that has the value of the name parameter provided through the SetDevName API, is not validated properly. This would lead to an OS command injection. reolink RLC-410W for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company
VAR-202201-0817 CVE-2021-44386 reolink RLC-410W  Input verification vulnerability in CVSS V2: 6.8
CVSS V3: 7.7
Severity: HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzPatrol param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company
VAR-202201-0798 CVE-2021-44366 Reolink Rlc-410W Denial of Service Vulnerability (CNVD-2022-37378) CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. Reolink Rlc-410W is a Wifi security camera from China Reolink company
VAR-202201-0815 CVE-2021-44360 reolink RLC-410W  Input verification vulnerability in CVSS V2: 6.8
CVSS V3: 7.7
Severity: HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNorm param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company
VAR-202201-0826 CVE-2021-44417 reolink RLC-410W  Input verification vulnerability in CVSS V2: 6.8
CVSS V3: 7.7
Severity: HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company
VAR-202201-0824 CVE-2021-44402 reolink RLC-410W  Input verification vulnerability in CVSS V2: 6.8
CVSS V3: 7.7
Severity: HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company
VAR-202201-0843 CVE-2021-44389 reolink RLC-410W  Input verification vulnerability in CVSS V2: 6.8
CVSS V3: 7.7
Severity: HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAbility param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company
VAR-202201-0809 CVE-2021-44362 reolink RLC-410W  Input verification vulnerability in CVSS V2: 6.8
CVSS V3: 7.7
Severity: HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetCloudSchedule param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company
VAR-202201-0828 CVE-2021-44407 reolink RLC-410W  Input verification vulnerability in CVSS V2: 6.8
CVSS V3: 7.7
Severity: HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestEmail param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company
VAR-202201-0656 CVE-2022-21199 reolink RLC-410W  Vulnerability in using hard-coded credentials in CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
An information disclosure vulnerability exists due to the hardcoded TLS key of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. reolink RLC-410W Contains a vulnerability in the use of hard-coded credentials.Information may be obtained. Reolink Rlc-410W is a Wifi security camera from China Reolink company
VAR-202201-0793 CVE-2021-44363 reolink RLC-410W  Input verification vulnerability in CVSS V2: 6.8
CVSS V3: 7.7
Severity: HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPush param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company
VAR-202201-0821 CVE-2021-44419 reolink RLC-410W  Input verification vulnerability in CVSS V2: 6.8
CVSS V3: 7.7
Severity: HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company
VAR-202201-0418 CVE-2022-22586 macOS Monterey  Out-of-bounds write vulnerability in CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. macOS Monterey Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Information about the security content is also available at https://support.apple.com/HT213054. CVE-2022-22586: an anonymous researcher ColorSync Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22584: Mickey Jin (@patch1t) of Trend Micro Crash Reporter Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22578: an anonymous researcher iCloud Available for: macOS Monterey Impact: An application may be able to access a user's files Description: An issue existed within the path validation logic for symlinks. CVE-2022-22585: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (https://xlab.tencent.com) Intel Graphics Driver Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. Apple is aware of a report that this issue may have been actively exploited. CVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs Model I/O Available for: macOS Monterey Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution Description: An information disclosure issue was addressed with improved state management. CVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro PackageKit Available for: macOS Monterey Impact: An application may be able to access restricted files Description: A permissions issue was addressed with improved validation. CVE-2022-22583: an anonymous researcher, Mickey Jin (@patch1t), Ron Hass (@ronhass7) of Perception Point WebKit Available for: macOS Monterey Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com) WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-22590: Toan Pham from Team Orca of Sea Security (security.sea.com) WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Description: A logic issue was addressed with improved state management. CVE-2022-22592: Prakash (@1lastBr3ath) WebKit Storage Available for: macOS Monterey Impact: A website may be able to track sensitive user information Description: A cross-origin issue in the IndexDB API was addressed with improved input validation. CVE-2022-22594: Martin Bajanik of FingerprintJS Additional recognition Kernel We would like to acknowledge Tao Huang for their assistance. Metal We would like to acknowledge Tao Huang for their assistance. PackageKit We would like to acknowledge Mickey Jin (@patch1t), Mickey Jin (@patch1t) of Trend Micro for their assistance. WebKit We would like to acknowledge Prakash (@1lastBr3ath) for their assistance. Installation note: This update may be obtained from the Mac App Store Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmHx0zEACgkQeC9qKD1p rhhFUw/+K0ImMkw8zCjqdJza05Y6mlSa2wAdoVQK4pywYylcWMzemOi9GStr1Tgq CmA7KFo2hPp/9kh6+SURi91WwUKdNHsDfasjNDqTTOJalQFuKB0erZgEpcprBnHE lzT2heSJDl58sMSn0hLlGIhLfc+4Ld29FKc3lmtBPGeKY3vUViHLN0s3sZj07twx Ew7yYkDBkz/e2kGRDByWzmvsSQt+w7HMK+pN1m5CBTZdP8KAHVtbuv8BPtMHKwNJ 1Kzo6nW4MJ9Eds63Lz4A37nqTNxmvsbf4zDSppwAp8NalEHqg5My7PzmK97eh6ap jS4P4LqdRigTvRMq3eDVh/4Lie+/39nXwdQI6czETvTYzi+iA6k3q1Lsf2eIYzCf 0y4YTKEwIze05Q45YqbbnRDfVGOKtfZOcFVYsMxYBHBMp6LDcLJ9i0+AORX2igoA dODLICbrHzexa682FDE2RGtgQOtS5k4LJLUggvSeOW/tXN+MovfVTjCIzJSKYltP eQm8gq3EajaRk4JQcYkxklalyOHVZpkg3+u6Az+xIY5nVVijkuGDqqiCoh62zmsE kSXZrfuJTIYWbIzpR23xVMyxWBcN4AXDE3xLeZajm0yGnAxpd8CGwb4FhgipcDVE wwazu76IYBPpP40AyBALO10aXhYjrI+Bj6zI+Ug3msXLhkeICtI= =WEmw -----END PGP SIGNATURE-----
VAR-202201-0823 CVE-2021-44411 reolink RLC-410W  Input verification vulnerability in CVSS V2: 6.8
CVSS V3: 7.7
Severity: HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Search param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company
VAR-202201-0794 CVE-2021-44405 reolink RLC-410W  Input verification vulnerability in CVSS V2: 6.8
CVSS V3: 7.7
Severity: HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. StartZoomFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company