CVE-2020-25173 Reolink P2P Cameras

2021-01-2612:45:53

CWE-321

icscert

www.cve.org

reolink p2p cameras

local network access

fixed cryptography key

compromise

AI Score

7.5

Confidence

High

EPSS

Percentile

0.4%

JSON

An attacker with local network access can obtain a fixed cryptography key which may allow for further compromise of Reolink P2P cameras outside of local network access

CNA Affected

[
  {
    "product": "RLC-4XX series",
    "vendor": "Reolink",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "RLC-5XX series",
    "vendor": "Reolink",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "RLN-X10 series",
    "vendor": "Reolink",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  }
]

References

us-cert.cisa.gov/ics/advisories/icsa-21-019-02