Vulnerabilities > CVE-2022-21236 - Files or Directories Accessible to External Parties vulnerability in Reolink Rlc-410W Firmware 3.0.0.13620121102

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
reolink
CWE-552

Summary

An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.

Vulnerable Configurations

Part Description Count
OS
Reolink
1
Hardware
Reolink
1