CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Jan 8, 2025

CVE-2019-11001

High

EPSS 33.8%CISA KEV

Reolink/Multiple IP Cameras

Description

Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras contain an authenticated OS command injection vulnerability. This vulnerability allows an authenticated admin to use the "TestEmail" functionality to inject and run OS commands as root.

EPSS — Exploit Probability

33.8%

Higher than 96.9% of all CVEs

Required Action

https://reolink.com/product-eol/ ; https://reolink.com/download-center/ ; https://nvd.nist.gov/vuln/detail/CVE-2019-11001

Risk Assessment

ELEVATED

In CISA KEV

Details

Severity: High
EPSS: 33.8%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Dec 18, 2024

Added to KEV

Dec 18, 2024

Remediation Due

Jan 8, 2025

Affected Product

Reolink

Multiple IP Cameras

View all Reolink CVEs

External Links

NVD (NIST)CVE Details MITRE CVE