CVE-2019-11001
Vexday Risk Score
63 (High priority)
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS: 7.2
EPSS: 38.4%
KEV: yes
PoC: —
Nuclei: —
Metasploit: —
Patch: —
Lifecycle
08 Apr 2019: Published on NVD
18 Dec 2024: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
An admin user on certain Reolink camera devices can inject system commands through the email test feature, allowing them to run any command with root privileges on the device.
Technical detail
Authenticated OS command injection vulnerability in the TestEmail endpoint via the addr1 parameter; allows an authenticated admin to execute arbitrary system commands with root privileges by injecting shell metacharacters. Pre-condition: valid admin credentials. Impact: complete system compromise.
Summary generated and translated by AI from the official description.
On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a