An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [4] the dns_data->dns1 variable, that has the value of the dns1 parameter provided through the SetLocal API, is not validated properly. This would lead to an OS command injection.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: talos

Published: 2022-01-28T19:10:15

Updated: 2024-08-04T02:44:09.640Z

Reserved: 2021-09-01T00:00:00

Link: CVE-2021-40410

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-01-28T20:15:11.740

Modified: 2024-11-21T06:24:04.533

Link: CVE-2021-40410

cve-icon Redhat

No data.