CyberSec.Space Logo
Back to CVE Browser

CVE-2019-11001

Known Exploited (CISA KEV)HIGH
7.2
CVSS Severity Score
EPSS Score28.9590%
EPSS Percentile86.73th
PublishedApr 8, 2019
Last ModifiedNov 6, 2025

Vulnerability Description

On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field.

Affected Platforms (CPE)

πŸ’»
Reolink

Rlc 410w Firmware

<= 1.0.227
πŸ’»
Reolink

C1 Pro Firmware

<= 1.0.227
πŸ’»
Reolink

C2 Pro Firmware

<= 1.0.227
πŸ’»
Reolink

Rlc 422w Firmware

<= 1.0.227
πŸ’»
Reolink

Rlc 511w Firmware

<= 1.0.227

References & Advisories

πŸ”— https://github.com/mcw0/PoC/blob/master/Reolink-IPC-RCE.py
πŸ”— https://www.vdoo.com/blog/working-with-the-community-%E2%80%93-significant-vulnerabilities-in-reolink-cameras/
πŸ”— https://github.com/mcw0/PoC/blob/master/Reolink-IPC-RCE.py
πŸ”— https://www.vdoo.com/blog/working-with-the-community-%E2%80%93-significant-vulnerabilities-in-reolink-cameras/
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11001

Related Vulnerabilities

CVE-2021-404197.5

A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series...

CVE-2021-404137.1

An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...