CVE-2019-11001
Published
CVSS v3
7.2
HIGH
CVSS v2
9
HIGH
Affected
1
PROJECT
Description
On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field.
Issues has been disabled for these PoC's, as they are simply PoC, Public Domain and unsupported.
GitHub