Lucene search

IcscertCVE-2020-25169

HistoryJan 26, 2021 - 6:15 p.m.

CVE-2020-25169

2021-01-2618:15:43

CWE-319

icscert

web.nvd.nist.gov

reolink

p2p

data protection

data interception

vulnerability

nvd

cve-2020-25169

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

52.9%

JSON

The affected Reolink P2P products do not sufficiently protect data transferred between the local device and Reolink servers. This can allow an attacker to access sensitive information, such as camera feeds.

Affected configurations

Nvd

Node

reolinkrln8-410_firmwareMatch-

AND

reolinkrln8-410Match-

Node

reolinkrlc-422_firmwareMatch-

AND

reolinkrlc-422Match-

Node

reolinkrlc-510a_firmwareMatch-

AND

reolinkrlc-510aMatch-

Node

reolinkrlc-410_firmwareMatch-

AND

reolinkrlc-410Match-

Node

reolinkrlc-423s_firmwareMatch-

AND

reolinkrlc-423sMatch-

Node

reolinkrlc-423_firmwareMatch-

AND

reolinkrlc-423Match-

Node

reolinkrlc-520aMatch-

AND

reolinkrlc-520a_firmwareMatch-

VendorProductVersionCPE
reolinkrln8-410_firmware-cpe:2.3:o:reolink:rln8-410_firmware:-:*:*:*:*:*:*:*
reolinkrln8-410-cpe:2.3:h:reolink:rln8-410:-:*:*:*:*:*:*:*
reolinkrlc-422_firmware-cpe:2.3:o:reolink:rlc-422_firmware:-:*:*:*:*:*:*:*
reolinkrlc-422-cpe:2.3:h:reolink:rlc-422:-:*:*:*:*:*:*:*
reolinkrlc-510a_firmware-cpe:2.3:o:reolink:rlc-510a_firmware:-:*:*:*:*:*:*:*
reolinkrlc-510a-cpe:2.3:h:reolink:rlc-510a:-:*:*:*:*:*:*:*
reolinkrlc-410_firmware-cpe:2.3:o:reolink:rlc-410_firmware:-:*:*:*:*:*:*:*
reolinkrlc-410-cpe:2.3:h:reolink:rlc-410:-:*:*:*:*:*:*:*
reolinkrlc-423s_firmware-cpe:2.3:o:reolink:rlc-423s_firmware:-:*:*:*:*:*:*:*
reolinkrlc-423s-cpe:2.3:h:reolink:rlc-423s:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
reolink	rln8-410_firmware	-	cpe:2.3:o:reolink:rln8-410_firmware:-:::::::*
reolink	rln8-410	-	cpe:2.3:h:reolink:rln8-410:-:::::::*
reolink	rlc-422_firmware	-	cpe:2.3:o:reolink:rlc-422_firmware:-:::::::*
reolink	rlc-422	-	cpe:2.3:h:reolink:rlc-422:-:::::::*
reolink	rlc-510a_firmware	-	cpe:2.3:o:reolink:rlc-510a_firmware:-:::::::*
reolink	rlc-510a	-	cpe:2.3:h:reolink:rlc-510a:-:::::::*
reolink	rlc-410_firmware	-	cpe:2.3:o:reolink:rlc-410_firmware:-:::::::*
reolink	rlc-410	-	cpe:2.3:h:reolink:rlc-410:-:::::::*
reolink	rlc-423s_firmware	-	cpe:2.3:o:reolink:rlc-423s_firmware:-:::::::*
reolink	rlc-423s	-	cpe:2.3:h:reolink:rlc-423s:-:::::::*

Rows per page:

1-10 of 141

CNA Affected

[
  {
    "product": "RLC-4XX series",
    "vendor": "Reolink",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "RLC-5XX series",
    "vendor": "Reolink",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "RLN-X10 series",
    "vendor": "Reolink",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  }
]

References

us-cert.cisa.gov/ics/advisories/icsa-21-019-02

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

52.9%

JSON

Related for CVE-2020-25169