Vulnerabilities > CVE-2022-21236 - Files or Directories Accessible to External Parties vulnerability in Reolink Rlc-410W Firmware 3.0.0.13620121102

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

reolink

CWE-552

NVD

Published: 2022-01-28

Updated: 2022-07-01

Summary

An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
OS	Reolink Reolink RLC 410W Firmware 3.0.0.136_20121102	1
Hardware	Reolink Reolink RLC 410W -	1

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

References

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1446