Описание
The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector (IV) in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that material is not hardcoded and is instead randomly generated on each installation of the application.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:reolink:reolink:8.18.12:*:*:*:desktop:*:*:*
EPSS
Процентиль: 5%
0.00023
Низкий
5.1 Medium
CVSS3
Дефекты
CWE-321
Связанные уязвимости
CVSS3: 5.1
github
4 месяца назад
The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector (IV) in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data.
EPSS
Процентиль: 5%
0.00023
Низкий
5.1 Medium
CVSS3
Дефекты
CWE-321