Описание
Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering.
Ссылки
- Product
- Product
- Third Party Advisory
- Not Applicable
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:reolink:reolink:4.54.0.4.20250526:*:*:*:*:android:*:*
EPSS
Процентиль: 26%
0.00093
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-321
Связанные уязвимости
CVSS3: 9.8
github
6 месяцев назад
Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering.
EPSS
Процентиль: 26%
0.00093
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-321