Vulnerability Spotlight: WiFi-connected security camera could be manipulated to spy on communications, among other malicious actions

Francesco Benvenuto of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. 

Cisco Talos recently discovered several vulnerabilities in the Reolink RLC-410W security camera that could allow an attacker to perform several malicious actions, including man-in-the-middle attacks, stealing user login credentials and more.

The Reolink RLC-410W is a WiFi-connected security camera. The camera includes motion detection functionality and multiple ways to save and view recordings. The vulnerabilities Talos discovered exist in various functions and features of the camera. Some of these exploits could also be combined to reboot the camera without authentication or run certain APIs.

There are five denial-of-service vulnerabilities that could allow an adversary to make the web service unresponsive and restart the device if they send specific network requests to the target:

- TALOS-2021-1421 (CVE-2021-44354 – CVE-2021-44419)
- TALOS-2021-1422 (CVE-2021-40405)
- TALOS-2021-1423 (CVE-2021-40406)
- TALOS-2021-1432 (CVE-2021-40423)
- TALOS-2021-1425 (CVE-2021-40413 – CVE-2021-40416)

TALOS-2022-1450 (CVE-2022-21801) is also a denial-of-service vulnerability, but rather than dealing with the web service, it affects a binary called “netserver.” 

TALOS-2021-1420 (CVE-2021-40404) is an authentication bypass vulnerability that could allow an attacker, in combination with other vulnerabilities, to execute privileged actions without authentication. If combined with TALOS-2021-1421, 1422 or 1425, the attacker could cause a denial of service without authentication.

TALOS-2021-1425 is also unique because a low-privileged user could reformat the

Read More: http://blog.talosintelligence.com/2022/01/vuln-spotlight-reolink-cameras.html