HIGH SEVERITY
CVE-2019-11001 · Reolink · Multiple IP Cameras

Reolink Multiple IP Cameras OS Command Injection Vulnerability

Technical Severity

CVSS v3.1 Metrics

HIGH
7.2 / 10
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitation Likelihood

EPSS Prediction

Predictive Probability: 38.37%
Percentile Rank: 97.2th

Documented as more likely to be exploited than 97.2% of known CVEs.

Detection Date

Dec 18, 2024

Remediation Due

Jan 08, 2025

CISA Catalog Active

Threat Analysis

Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras contain an authenticated OS command injection vulnerability. This vulnerability allows an authenticated admin to use the "TestEmail" functionality to inject and run OS commands as root.

Remediation Directive

The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.

External Intelligence