Search
Total
2199 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29201 | 1 Google | 1 Tensorflow | 2022-06-02 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get bound to `nullptr` for each argument that is empty. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
| CVE-2022-29207 | 1 Google | 1 Tensorflow | 2022-06-02 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside TensorFlow codebase (various codepaths). This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
| CVE-2022-29200 | 1 Google | 1 Tensorflow | 2022-06-02 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LSTMBlockCell` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate the ranks of any of the arguments to this API call. This results in `CHECK`-failures when the elements of the tensor are accessed. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
| CVE-2022-29192 | 1 Google | 1 Tensorflow | 2022-06-02 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
| CVE-2022-29194 | 1 Google | 1 Tensorflow | 2022-06-02 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.DeleteSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
| CVE-2022-29191 | 1 Google | 1 Tensorflow | 2022-06-02 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.GetSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
| CVE-2022-28193 | 1 Nvidia | 3 Jetson Agx Xavier, Jetson Linux, Jetson Xavier Nx | 2022-05-30 | 4.6 MEDIUM | 6.6 MEDIUM |
| NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality. | |||||
| CVE-2022-29199 | 1 Google | 1 Tensorflow | 2022-05-27 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LoadAndRemapMatrix does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `initializing_values` is a vector but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
| CVE-2022-29198 | 1 Google | 1 Tensorflow | 2022-05-27 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorToCSRSparseMatrix` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `dense_shape` is a vector and `indices` is a matrix (as part of requirements for sparse tensors) but there is no validation for this. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
| CVE-2022-29197 | 1 Google | 1 Tensorflow | 2022-05-26 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
| CVE-2022-29196 | 1 Google | 1 Tensorflow | 2022-05-26 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.Conv3DBackpropFilterV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate that the `filter_sizes` argument is a vector. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
| CVE-2022-29195 | 1 Google | 1 Tensorflow | 2022-05-26 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.StagePeek` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `index` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
| CVE-2022-29193 | 1 Google | 1 Tensorflow | 2022-05-26 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.TensorSummaryV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
| CVE-2022-28186 | 2 Microsoft, Nvidia | 3 Windows, Gpu Display Driver, Virtual Gpu | 2022-05-26 | 3.6 LOW | 6.1 MEDIUM |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service or data tampering. | |||||
| CVE-2022-28188 | 2 Microsoft, Nvidia | 3 Windows, Gpu Display Driver, Virtual Gpu | 2022-05-26 | 4.9 MEDIUM | 5.5 MEDIUM |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service. | |||||
| CVE-2022-28190 | 1 Nvidia | 1 Gpu Display Driver | 2022-05-25 | 2.1 LOW | 5.5 MEDIUM |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where improper input validation can cause denial of service. | |||||
| CVE-2020-8095 | 1 Bitdefender | 1 Total Security 2020 | 2022-05-24 | 4.9 MEDIUM | 5.5 MEDIUM |
| A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device. | |||||
| CVE-2022-21136 | 1 Intel | 292 Core I9-7900x, Core I9-7900x Firmware, Core I9-7920x and 289 more | 2022-05-23 | 4.9 MEDIUM | 5.5 MEDIUM |
| Improper input validation for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2022-24382 | 1 Intel | 118 Lapbc510, Lapbc510 Firmware, Lapbc710 and 115 more | 2022-05-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper input validation in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2018-0885 | 1 Microsoft | 5 Windows 10, Windows Server, Windows Server 2008 and 2 more | 2022-05-23 | 6.3 MEDIUM | 5.8 MEDIUM |
| The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows a denial of service vulnerability due to how input from a privileged user on a guest operating system is validated, aka "Hyper-V Denial of Service Vulnerability". | |||||
| CVE-2018-0888 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2022-05-23 | 4.7 MEDIUM | 5.6 MEDIUM |
| The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how guest operating system input is validated, aka "Hyper-V Information Disclosure Vulnerability". | |||||
| CVE-2021-33108 | 1 Intel | 1 In-band Manageability | 2022-05-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper input validation in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-29613 | 1 Sap | 1 Employee Self Service | 2022-05-19 | 4.0 MEDIUM | 4.3 MEDIUM |
| Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application. | |||||
| CVE-2022-1406 | 1 Gitlab | 1 Gitlab | 2022-05-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0 allows a Developer to read protected Group or Project CI/CD variables by importing a malicious project | |||||
| CVE-2020-26145 | 2 Samsung, Siemens | 26 Galaxy I9305, Galaxy I9305 Firmware, 6gk5763-1al00-3aa0 and 23 more | 2022-05-13 | 3.3 LOW | 6.5 MEDIUM |
| An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. | |||||
| CVE-2020-8700 | 2 Intel, Netapp | 546 Bios, Core I3-l13g4, Core I5-l16g7 and 543 more | 2022-05-13 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper input validation in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-28708 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2022-05-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| On F5 BIG-IP 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, when a BIG-IP DNS resolver-enabled, HTTP-Explicit or SOCKS profile is configured on a virtual server, an undisclosed DNS response can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2022-29479 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2022-05-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, when an IPv6 self IP address is configured and the ipv6.strictcompliance database key is enabled (disabled by default) on a BIG-IP system, undisclosed packets may cause decreased performance. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2019-16027 | 1 Cisco | 32 Asr 9000, Asr 9000v, Asr 9001 and 29 more | 2022-05-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS–IS process. The vulnerability is due to improper handling of a Simple Network Management Protocol (SNMP) request for specific Object Identifiers (OIDs) by the IS–IS process. An attacker could exploit this vulnerability by sending a crafted SNMP request to the affected device. A successful exploit could allow the attacker to cause a DoS condition in the IS–IS process. | |||||
| CVE-2021-1383 | 1 Cisco | 2 Ios Xe, Ios Xe Sd-wan | 2022-05-12 | 7.2 HIGH | 6.7 MEDIUM |
| Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges. | |||||
| CVE-2022-1108 | 1 Lenovo | 2 Thinkpad X1 Fold Gen 1, Thinkpad X1 Fold Gen 1 Firmware | 2022-05-12 | 7.2 HIGH | 6.7 MEDIUM |
| A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code. | |||||
| CVE-2022-1107 | 1 Lenovo | 60 Thinkpad 11e, Thinkpad 11e Firmware, Thinkpad 11e Yoga and 57 more | 2022-05-12 | 7.2 HIGH | 6.7 MEDIUM |
| During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code. | |||||
| CVE-2021-4212 | 1 Lenovo | 124 C340-14iml, C340-14iml Firmware, C340-15iml and 121 more | 2022-05-11 | 7.2 HIGH | 6.7 MEDIUM |
| A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code. | |||||
| CVE-2022-28791 | 1 Samsung | 1 Galaxy Store | 2022-05-11 | 2.1 LOW | 5.5 MEDIUM |
| Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files. | |||||
| CVE-2021-4211 | 1 Lenovo | 106 A340-22icb, A340-22icb Firmware, A340-22ick and 103 more | 2022-05-11 | 7.2 HIGH | 6.7 MEDIUM |
| A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. | |||||
| CVE-2022-28781 | 1 Google | 1 Android | 2022-05-11 | 7.2 HIGH | 6.7 MEDIUM |
| Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller. | |||||
| CVE-2020-10693 | 4 Ibm, Oracle, Quarkus and 1 more | 8 Websphere Application Server, Weblogic Server, Quarkus and 5 more | 2022-05-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages. | |||||
| CVE-2022-20744 | 1 Cisco | 1 Firepower Management Center | 2022-05-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the input protection mechanisms of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the existence or values of a specific input. An attacker could exploit this vulnerability by modifying this input to bypass the protection mechanism and sending a crafted request to an affected device. A successful exploit could allow the attacker to view data beyond the scope of their authorization. | |||||
| CVE-2021-3970 | 1 Lenovo | 210 Ideapad 3-14ada05, Ideapad 3-14ada05 Firmware, Ideapad 3-14ada6 and 207 more | 2022-05-06 | 7.2 HIGH | 6.7 MEDIUM |
| A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code. | |||||
| CVE-2020-4981 | 1 Ibm | 1 Spectrum Scale | 2022-05-03 | 3.6 LOW | 6.0 MEDIUM |
| IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local privileged user to overwrite files due to improper input validation. IBM X-Force ID: 192541. | |||||
| CVE-2021-0377 | 1 Google | 1 Android | 2022-05-03 | 2.1 LOW | 5.5 MEDIUM |
| In DeltaPerformer::Write of delta_performer.cc, there is a possible use of untrusted input due to improper input validation. This could lead to a local bypass of defense in depth protections with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160800689 | |||||
| CVE-2021-0400 | 1 Google | 1 Android | 2022-05-03 | 2.1 LOW | 5.5 MEDIUM |
| In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java, there is a possible incorrect reporting of location data to emergency services due to improper input validation. This could lead to incorrect reporting of location data to emergency services with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-177561690 | |||||
| CVE-2021-21464 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-05-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2021-0345 | 1 Google | 1 Android | 2022-05-03 | 7.2 HIGH | 6.7 MEDIUM |
| In mobile_log_d, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05432974. | |||||
| CVE-2021-0404 | 1 Google | 1 Android | 2022-05-03 | 2.1 LOW | 4.4 MEDIUM |
| In mobile_log_d, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05457039. | |||||
| CVE-2021-44409 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2022-04-28 | 6.8 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestWifi param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-44396 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2022-04-28 | 6.8 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Preview param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-44408 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2022-04-28 | 6.8 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestFtp param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-44365 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2022-04-28 | 6.8 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetDevName param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-44415 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2022-04-28 | 6.8 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. ModifyUser param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||