Описание
Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering.
Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-25173
- https://nvd.nist.gov/vuln/detail/CVE-2025-55619
- https://cwe.mitre.org/data/definitions/321.html
- https://cwe.mitre.org/data/definitions/329.html
- https://developer.android.com/reference/kotlin/androidx/security/crypto/EncryptedSharedPreferences
- https://relieved-knuckle-264.notion.site/Reolink-Android-App-Uses-Hardcoded-AES-Key-and-IV-for-Sensitive-Data-Decryption-21a43700364280dc95bedcf6ac1a5db0
- https://www.notion.so/Reolink-Android-App-Uses-Hardcoded-AES-Key-and-IV-for-Sensitive-Data-Decryption-21a43700364280dc95bedcf6ac1a5db0
Связанные уязвимости
CVSS3: 9.8
nvd
6 месяцев назад
Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering.