Описание
The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is that material is not hardcoded and is instead randomly generated on each installation of the application.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:reolink:reolink:8.18.12:*:*:*:desktop:*:*:*
EPSS
Процентиль: 6%
0.00023
Низкий
5.1 Medium
CVSS3
Дефекты
CWE-321
Связанные уязвимости
CVSS3: 5.1
github
4 месяца назад
The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56802.
EPSS
Процентиль: 6%
0.00023
Низкий
5.1 Medium
CVSS3
Дефекты
CWE-321