CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-11001

Known Exploited (CISA KEV)HIGH
7.2
CVSS Severity Score
EPSS Score28.9590%
EPSS Percentile86.73th
Published2019年4月8日
Last Modified2025年11月6日

Vulnerability Description

On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field.

Affected Platforms (CPE)

💻
Reolink

Rlc 410w Firmware

<= 1.0.227
💻
Reolink

C1 Pro Firmware

<= 1.0.227
💻
Reolink

C2 Pro Firmware

<= 1.0.227
💻
Reolink

Rlc 422w Firmware

<= 1.0.227
💻
Reolink

Rlc 511w Firmware

<= 1.0.227

References & Advisories

🔗 https://github.com/mcw0/PoC/blob/master/Reolink-IPC-RCE.py
🔗 https://www.vdoo.com/blog/working-with-the-community-%E2%80%93-significant-vulnerabilities-in-reolink-cameras/
🔗 https://github.com/mcw0/PoC/blob/master/Reolink-IPC-RCE.py
🔗 https://www.vdoo.com/blog/working-with-the-community-%E2%80%93-significant-vulnerabilities-in-reolink-cameras/
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11001

相關漏洞威脅

CVE-2021-404197.5

A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series...

CVE-2021-404137.1

An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...