CVE-2019-11001 - OpenCVE

On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Reolink	C1 Pro C1 Pro Firmware C2 Pro C2 Pro Firmware Rlc-410w Rlc-410w Firmware Rlc-422w Rlc-422w Firmware Rlc-511w Rlc-511w Firmware

Configuration 1 [-]

AND

cpe:2.3:o:reolink:rlc-410w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:reolink:rlc-410w:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:reolink:c1_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:reolink:c1_pro:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:reolink:c2_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:reolink:c2_pro:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:reolink:rlc-422w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:reolink:rlc-422w:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:reolink:rlc-511w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:reolink:rlc-511w:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/mcw0/PoC/blob/master/Reolink-IPC-RCE.py
https://www.vdoo.com/blog/working-with-the-community-%E2%80%93-significant-vulnerabilities-in-reolink-cameras/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-04-08T17:00:21

Updated: 2024-08-04T22:40:15.887Z

Reserved: 2019-04-08T00:00:00

Link: CVE-2019-11001

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-04-08T17:29:00.590

Modified: 2019-04-09T14:11:43.437

Link: CVE-2019-11001

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the \"TestEmail\" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-08T17:00:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.vdoo.com/blog/working-with-the-community-%E2%80%93-significant-vulnerabilities-in-reolink-cameras/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mcw0/PoC/blob/master/Reolink-IPC-RCE.py"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-11001", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the \"TestEmail\" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.vdoo.com/blog/working-with-the-community-%E2%80%93-significant-vulnerabilities-in-reolink-cameras/", "refsource": "MISC", "url": "https://www.vdoo.com/blog/working-with-the-community-%E2%80%93-significant-vulnerabilities-in-reolink-cameras/"}, {"name": "https://github.com/mcw0/PoC/blob/master/Reolink-IPC-RCE.py", "refsource": "MISC", "url": "https://github.com/mcw0/PoC/blob/master/Reolink-IPC-RCE.py"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:40:15.887Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.vdoo.com/blog/working-with-the-community-%E2%80%93-significant-vulnerabilities-in-reolink-cameras/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/mcw0/PoC/blob/master/Reolink-IPC-RCE.py"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11001", "datePublished": "2019-04-08T17:00:21", "dateReserved": "2019-04-08T00:00:00", "dateUpdated": "2024-08-04T22:40:15.887Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:reolink:rlc-410w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E2B849F-7B64-4F91-AB7E-F30E6C985E82", "versionEndIncluding": "1.0.227", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:reolink:rlc-410w:-:*:*:*:*:*:*:*", "matchCriteriaId": "260FB388-A221-4900-92FB-FAB90529647D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:reolink:c1_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "194BCD5A-FD4D-4033-9B01-0F4265FD457F", "versionEndIncluding": "1.0.227", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:reolink:c1_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "74E8E50D-04C9-4E55-BEF3-529DE454D246", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:reolink:c2_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6264361B-DDB6-4ED3-AAD4-3720C61F4252", "versionEndIncluding": "1.0.227", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:reolink:c2_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "4772378F-9C3C-4922-A881-ED97FD146E99", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:reolink:rlc-422w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "35B08D45-0987-4776-873A-E2F96953CC9B", "versionEndIncluding": "1.0.227", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:reolink:rlc-422w:-:*:*:*:*:*:*:*", "matchCriteriaId": "32CC3B56-E72B-40AB-8B61-1CDEA37EEC26", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:reolink:rlc-511w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C88B6DF-E0A7-4681-9037-70BE3D6EA74D", "versionEndIncluding": "1.0.227", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:reolink:rlc-511w:-:*:*:*:*:*:*:*", "matchCriteriaId": "E71BC51D-7C0F-4FDE-9B7E-020B6338644F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the \"TestEmail\" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field."}, {"lang": "es", "value": "En los dispositivos Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W y RLC-511W hasta la versi\u00f3n 1.0.227, un administrador autenticado puede usar la funcionalidad \"TestEmail\" para inyectar y ejecutar comandos del Sistema Operativo como root, como es demostrado por los metacaracteres shell en el campo addr1."}], "id": "CVE-2019-11001", "lastModified": "2019-04-09T14:11:43.437", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-08T17:29:00.590", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/mcw0/PoC/blob/master/Reolink-IPC-RCE.py"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.vdoo.com/blog/working-with-the-community-%E2%80%93-significant-vulnerabilities-in-reolink-cameras/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}