CVE-2025-55619

Critical CVSS: 9.8

Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering.

Vendor

Reolink

Product

Reolink

CWE

CWE-321

Yayın Tarihi

2025-08-22 17:15:32

Güncelleme

2025-08-28 13:34:45

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-321 Reolink CRITICAL Reolink 2025

Referanslar

https://cwe.mitre.org/data/definitions/321.html https://cwe.mitre.org/data/definitions/329.html https://developer.android.com/reference/kotlin/androidx/security/crypto/EncryptedSharedPreferences https://nvd.nist.gov/vuln/detail/CVE-2020-25173 https://www.notion.so/Reolink-Android-App-Uses-Hardcoded-AES-Key-and-IV-for-Sensitive-Data-Decryption-21a43700364280dc95bedcf6ac1a5db0 https://relieved-knuckle-264.notion.site/Reolink-Android-App-Uses-Hardcoded-AES-Key-and-IV-for-Sensitive-Data-Decryption-21a43700364280dc95bedcf6ac1a5db0

Benzer Kayıtlar

Medium

CVE-2025-56802

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files…

Medium

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism…

Medium

CVE-2025-56800

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application impl…

Medium

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector (IV) in its AES-CFB…

High

CVE-2025-55634

Incorrect access control in the RTMP server settings of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firm…

Critical

CVE-2025-55637

Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was discovered to contain a…