CVE-2019-11001

high-risk

Published 2019-04-08

On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field.

Do I need to act?

38.4% chance of exploitation in next 30 days

EPSS score — higher than 62% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.2/10 High

NETWORK / LOW complexity

Affected Products (5)

Rlc-410W Firmware

C1 Pro Firmware

C2 Pro Firmware

Rlc-422W Firmware

Rlc-511W Firmware

Affected Vendors

Reolink

References (5)

Exploit https://github.com/mcw0/PoC/blob/master/Reolink-IPC-RCE.py

Broken Link https://www.vdoo.com/blog/working-with-the-community-%E2%80%93-significant-vulne...

Exploit https://github.com/mcw0/PoC/blob/master/Reolink-IPC-RCE.py

Broken Link https://www.vdoo.com/blog/working-with-the-community-%E2%80%93-significant-vulne...

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-...

/ 100

high-risk

Severity 26/34 · High

Exploitability 24/34 · High

Exposure 12/34 · Low