CVE-2019-11001

CVSS 7.2 HIGH · EPSS 38.4% · KEV · CWE-78
In short

An admin user on certain Reolink camera devices can inject system commands through the email test feature, allowing them to run any command with root privileges on the device.

Technical detail

Authenticated OS command injection vulnerability in the TestEmail endpoint via the addr1 parameter; allows an authenticated admin to execute arbitrary system commands with root privileges by injecting shell metacharacters. Pre-condition: valid admin credentials. Impact: complete system compromise.

Summary generated and translated by AI from the official description.
On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
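
As an added example (not code from Reolink or from this advisory), the check below flags "TestEmail" request bodies whose addr1 value is anything other than a plain mail address, which is where the description places the shell metacharacters. The request body shapes, the "cmd" and "param" keys and the sample values are constructed assumptions; only the addr1 field name comes from the description.

```python
import json
import re
from urllib.parse import parse_qsl

# Strict allowlist for a mail address: no whitespace, quotes or shell metacharacters.
SAFE_ADDR = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
FIELD = "addr1"  # parameter named in the CVE description


def _values(node, key):
    """Yield every value stored under `key` anywhere in a decoded JSON tree."""
    if isinstance(node, dict):
        for k, v in node.items():
            if k == key:
                yield v
            else:
                yield from _values(v, key)
    elif isinstance(node, list):
        for item in node:
            yield from _values(item, key)


def extract_addr1(body):
    """Return all addr1 values from a JSON or form-encoded request body."""
    try:
        return list(_values(json.loads(body), FIELD))
    except ValueError:  # not JSON: fall back to form decoding
        return [v for k, v in parse_qsl(body, keep_blank_values=True) if k == FIELD]


def is_suspicious(body):
    """True when any addr1 value is not a plain mail address (empty counts)."""
    return any(not (isinstance(v, str) and SAFE_ADDR.fullmatch(v))
               for v in extract_addr1(body))


# Constructed request bodies (not captured traffic; the shapes are assumed).
SAMPLES = [
    '{"cmd": "TestEmail", "param": {"addr1": "ops@example.com"}}',
    '{"cmd": "TestEmail", "param": {"addr1": "ops@example.com;x"}}',
    'cmd=TestEmail&addr1=ops%40example.com%60x%60',
    '{"cmd": "GetTime"}',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print("ALERT" if is_suspicious(s) else "ok   ", s)
```

The same allowlist can be used as an input filter on a reverse proxy in front of the device's web interface when firmware cannot be updated immediately.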
