CVE-2025-56802

Medium CVSS: 5.1

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is that material is not hardcoded and is instead randomly generated on each installation of the application.

Vendor

Reolink

Product

Reolink

CWE

CWE-321

Yayın Tarihi

2025-10-21 19:21:23

Güncelleme

2025-11-17 16:04:32

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-321 Reolink MEDIUM Reolink 2025

Referanslar

https://github.com/shinyColumn/CVE-2025-56802 https://shinycolumn.notion.site/reolink-aes-key

Benzer Kayıtlar

Medium

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism…

Medium

CVE-2025-56800

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application impl…

Medium

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector (IV) in its AES-CFB…

High

CVE-2025-55634

Incorrect access control in the RTMP server settings of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firm…

Critical

CVE-2025-55637

Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was discovered to contain a…

Medium

CVE-2025-55624

An intent redirection vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access internal funct…