
CVE-2021-40407

Known Exploited (CISA KEV)
CVSS Severity Score: 7.2 (HIGH)
EPSS Score: 81.0830%
EPSS Percentile: 85.67th
Published: Jan 28, 2022
Last Modified: Nov 3, 2025

Vulnerability Description

An OS command injection vulnerability exists in the device network settings functionality of Reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->domain variable, that has the value of the domain parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.

Affected Platforms (CPE)

Reolink RLC-410W Firmware = 3.0.0.136_20121102
