CVE-2025-55625

Medium CVSS: 6.3

An open redirect vulnerability in Reolink v4.54.0.4.20250526 allows attackers to redirect users to a malicious site via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior that supports redirection to Alexa URLs, which are not guaranteed to remain at the same domain indefinitely.

Vendor

Reolink

Product

Reolink

CWE

CWE-601

Yayın Tarihi

2025-08-22 17:15:34

Güncelleme

2025-09-26 14:05:02

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-601 Reolink MEDIUM Reolink 2025

Referanslar

https://cwe.mitre.org/data/definitions/601.html https://relieved-knuckle-264.notion.site/Reolink-Deeplink-Redirect-21b437003642804a865af2fb02942f66

Benzer Kayıtlar

Medium

CVE-2025-56802

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files…

Medium

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism…

Medium

CVE-2025-56800

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application impl…

Medium

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector (IV) in its AES-CFB…

High

CVE-2025-55634

Incorrect access control in the RTMP server settings of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firm…

Critical

CVE-2025-55637

Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was discovered to contain a…