An OS command injection vulnerability exists in the...
Critical severity
Unreviewed
Published
Jan 29, 2022
to the GitHub Advisory Database
•
Updated Feb 3, 2023
Description
Published by the National Vulnerability Database
Jan 28, 2022
Published to the GitHub Advisory Database
Jan 29, 2022
Last updated
Feb 3, 2023
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->username variable, that has the value of the userName parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection.
References