Is CVE-2019-11001 actively exploited?

CVE-2019-11001 has no public evidence of in-the-wild exploitation as of 2025-11-06.

What is the CVSS score for CVE-2019-11001?

CVE-2019-11001 has a CVSS score of 7.2 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2019-11001?

Patch guidance is available from reolink security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2019-11001.

Fix CVE-2019-11001 - HIGH reolink rlc-410w firmware

Q: Which products are affected by CVE-2019-11001?

5 products: reolink rlc-410w firmware, reolink c1 pro firmware, reolink c2 pro firmware, reolink rlc-422w firmware, reolink rlc-511w firmware.

Description

On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: high
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-78 · OS Command Injection CWE-78 · OS Command Injection

Metadata

Primary Vendor: REOLINK
Published: 4/8/2019
Last Modified: 11/6/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

reolink : rlc-410w_firmwarereolink : c1_pro_firmwarereolink : c2_pro_firmwarereolink : rlc-422w_firmwarereolink : rlc-511w_firmware

Remediation Guidance

Executive Summary

View on NIST NVD