Vulnerability Description
On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field.
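The bug class behind this record is classic OS command injection: a field that should only ever hold a mail address is spliced into a command line that a shell later parses, so the shell metacharacters in it are honoured. The C below is an added illustration, not Reolink's firmware code; the sendmail path, its flags, the field layout and the sample inputs are all constructed assumptions. It shows the vulnerable string-building pattern, a strict allow-list validator for the address field, and the argv-based replacement that keeps the value out of any shell, plus a small metacharacter check useful when reviewing logs for the TestEmail endpoint.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Hypothetical internals of a "TestEmail" handler, constructed to show the
 * bug class. Not Reolink's code: binary path, flags and layout are assumed. */

/* Vulnerable pattern: user-controlled addr1 is pasted verbatim into a command
 * line that would later be handed to system()/popen(). Whatever the shell
 * finds after a ';' or '|' runs with the daemon's privileges (root here). */
int build_mail_cmd_vulnerable(const char *addr1, char *out, size_t n)
{
    int len = snprintf(out, n, "/usr/sbin/sendmail -f camera@localhost %s", addr1);
    return (len >= 0 && (size_t)len < n) ? 0 : -1;
}

/* Allow-list validator: one '@', non-empty local and domain parts, only
 * [A-Za-z0-9._+-@], no whitespace, no shell metacharacters, and no leading
 * '-' (which the mail program would otherwise read as an option). */
int validate_email_addr(const char *addr)
{
    size_t len = strlen(addr);
    if (len == 0 || len > 254 || addr[0] == '-') return 0;
    const char *at = strchr(addr, '@');
    if (!at || at == addr || at[1] == '\0' || strchr(at + 1, '@')) return 0;
    for (const char *p = addr; *p; p++) {
        unsigned char c = (unsigned char)*p;
        if (isalnum(c) || strchr("._+-@", c)) continue;
        return 0;
    }
    return 1;
}

/* Hardened pattern: validate, then build an argv[] for execv()/posix_spawn()
 * so no shell ever tokenises the address. Returns argc, or -1 on rejection. */
int build_mail_argv_safe(const char *addr1, const char *av[], size_t max)
{
    if (max < 5 || !validate_email_addr(addr1)) return -1;
    av[0] = "/usr/sbin/sendmail";
    av[1] = "-f";
    av[2] = "camera@localhost";
    av[3] = addr1;   /* a single argv element, never re-parsed */
    av[4] = NULL;
    return 4;
}

/* Detection helper: does a submitted field contain bytes a POSIX shell treats
 * specially? Handy for grepping request logs or writing a filter rule. */
int has_shell_metachar(const char *s)
{
    return strpbrk(s, ";|&$`\\\"'<>()*?[]{}~!\n\r\t ") != NULL;
}

int main(void)
{
    /* Constructed samples: a benign address, and one carrying a ';'-separated
     * second command of the kind the advisory text describes. */
    const char *good = "alerts@example.com";
    const char *bad  = "alerts@example.com;id>/tmp/pwned";
    char cmd[256];
    const char *av[8];

    build_mail_cmd_vulnerable(bad, cmd, sizeof cmd);
    printf("vulnerable handler would hand the shell: %s\n", cmd);
    printf("validate(good)=%d validate(bad)=%d\n",
           validate_email_addr(good), validate_email_addr(bad));
    printf("argv build for good=%d, for bad=%d\n",
           build_mail_argv_safe(good, av, 8), build_mail_argv_safe(bad, av, 8));
    return 0;
}
```

The validator and the argv build are both needed: execv() alone stops the shell from interpreting `;` and `|`, but a value beginning with `-` would still be parsed as an option by the mail program, so the field is checked before it is passed anywhere. Since the vulnerable handler runs as root, the same allow-list belongs on every other free-text field the camera passes to a subprocess, not only addr1.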
CVSS Score
7.2 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Reolink | Rlc-410W Firmware | <= 1.0.227 |
| Reolink | Rlc-410W | - |
| Reolink | C1 Pro Firmware | <= 1.0.227 |
| Reolink | C1 Pro | - |
| Reolink | C2 Pro Firmware | <= 1.0.227 |
| Reolink | C2 Pro | - |
| Reolink | Rlc-422W Firmware | <= 1.0.227 |
| Reolink | Rlc-422W | - |
| Reolink | Rlc-511W Firmware | <= 1.0.227 |
| Reolink | Rlc-511W | - |
Related Weaknesses (CWE)
References
- https://github.com/mcw0/PoC/blob/master/Reolink-IPC-RCE.py [Exploit, Third Party Advisory]
- https://www.vdoo.com/blog/working-with-the-community-%E2%80%93-significant-vulne [Broken Link, Exploit, Third Party Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019- [US Government Resource]
FAQ
What is CVE-2019-11001?
CVE-2019-11001 is an OS command injection vulnerability with a CVSS score of 7.2 (HIGH). On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through firmware 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field.
How severe is CVE-2019-11001?
CVE-2019-11001 has been rated HIGH with a CVSS base score of 7.2/10. Exploitation requires an authenticated administrator session on the camera's web interface, which keeps the score below critical, but a successful attempt gives arbitrary command execution as root on the device.
Is there a patch for CVE-2019-11001?
The references above are a third-party proof of concept, a vendor-independent write-up (link now broken), and the CISA Known Exploited Vulnerabilities catalog entry; no vendor advisory is listed, so treat the issue as exploited in the wild and update affected cameras to a firmware release newer than 1.0.227. Affected products are the Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W running firmware 1.0.227 or earlier.