HIGH SEVERITY
CVE-2019-11001 Reolink · Multiple IP Cameras

Reolink Multiple IP Cameras OS Command Injection Vulnerability

Technical Severity

CVSS v3.1 Metrics

HIGH
7.2 / 10

Vector Specification

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitation Likelihood

EPSS Prediction

Predictive Probability

33.81%

Percentile Rank

96.8th

Rated as more likely to be exploited than 96.8% of known CVEs.

Detection Date

Dec 18, 2024

Remediation Due

Jan 08, 2025

CISA Catalog Active

Threat Analysis

Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras contain an authenticated OS command injection vulnerability. This vulnerability allows an authenticated admin to use the "TestEmail" functionality to inject and run OS commands as root.

Remediation Directive

The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.

External Intelligence