CVE-2019-11001

On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality...

Basic Information

CVE State: PUBLISHED
Reserved Date: April 08, 2019
Published Date: April 08, 2019
Last Updated: February 10, 2025
Vendor: n/a
Product: n/a
Description: On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field.

CVSS Scores

CVSS v3.1

7.2 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

9.0 -

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2024-12-18 00:00:00 UTC) Source

References

https://www.vdoo.com/blog/working-with-the-community-%E2%80%93-significant-vulnerabilities-in-reolink-cameras/ https://github.com/mcw0/PoC/blob/master/Reolink-IPC-RCE.py

Known Exploited Vulnerability Information

Source	Added Date
CISA	2024-12-18 00:00:00 UTC