Vulnerability Details : CVE-2019-11001
On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field.
Products affected by CVE-2019-11001
- cpe:2.3:o:reolink:rlc-410w_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:reolink:c1_pro_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:reolink:c2_pro_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:reolink:rlc-422w_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:reolink:rlc-511w_firmware:*:*:*:*:*:*:*:*
CVE-2019-11001 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Reolink Multiple IP Cameras OS Command Injection Vulnerability
CISA required action:
The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.
CISA description:
Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras contain an authenticated OS command injection vulnerability. This vulnerability allows an authenticated admin to use the "TestEmail" functionality to inject and run OS commands as root.
Notes:
https://reolink.com/product-eol/ ; https://reolink.com/download-center/ ; https://nvd.nist.gov/vuln/detail/CVE-2019-11001
Added on
2024-12-18
Action due date
2025-01-08
Exploit prediction scoring system (EPSS) score for CVE-2019-11001
15.51%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-11001
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST | |
7.2
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
NIST | |
7.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-12-18 |
CWE ids for CVE-2019-11001
-
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2019-11001
-
https://www.vdoo.com/blog/working-with-the-community-%E2%80%93-significant-vulnerabilities-in-reolink-cameras/
Working With the Community – Significant Vulnerabilities in Reolink Cameras | VDOOExploit;Third Party Advisory
-
https://github.com/mcw0/PoC/blob/master/Reolink-IPC-RCE.py
PoC/Reolink-IPC-RCE.py at master · mcw0/PoC · GitHubExploit;Third Party Advisory
Jump to