Reolink Multiple IP Cameras OS Command Injection Vulnerability

Added to KEV: 2024-12-18
Federal due date: 2025-01-08
Vendor: Reolink
Product: Multiple IP Cameras
EPSS: 96.7th percentile (score 0.294, as of 2026-06-08)
NVD CVSS v3.1:
Ransomware use: Unknown
Upstream: https://nvd.nist.gov/vuln/detail/CVE-2019-11001

CISA short description

Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras contain an authenticated OS command injection vulnerability. This vulnerability allows an authenticated admin to use the "TestEmail" functionality to inject and run OS commands as root.

Required action

The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.