7.1
CVE-2021-40414
- EPSS 0.21%
- Veröffentlicht 28.01.2022 20:15:11
- Zuletzt bearbeitet 21.11.2024 06:24:05
- Quelle talos-cna@cisco.com
- CVE-Watchlists
- Unerledigt
LoginAn incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The SetMdAlarm API sets the movement detection parameters, giving the ability to set the sensitivity of the camera per a range of hours, and which of the camera spaces to ignore when considering movement detection. Because in cgi_check_ability the SetMdAlarm API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to change the movement detection parameters.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Reolink ≫ Rlc-410w Firmware Version3.0.0.136_20121102
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.431 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 2.8 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
|
| nvd@nist.gov | 5.5 | 8 | 4.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:P
|
| talos-cna@cisco.com | 7.1 | 2.8 | 4.2 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.