Reolink E1 Zoom Camera <=3.0.0.716 - Information Disclosure

Reolink E1 Zoom camera through 3.0.0.716 is susceptible to information disclosure. The web server discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. An attacker with network-level access to the camera can can download the entire NGINX/FastCGI...

Reolink E1 Zoom Camera <=3.0.0.716 - Private Key Disclosure

Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key RSA disclosure vulnerability. id: CVE-2021-40149 info: name: Reolink E1 Zoom Camera =3.0.0.716 - Private Key Disclosure author: For3stCo1d severity: medium description: | Reolink E1 Zoom Camera versions 3.0.0.716 and...

CVE-2025-60858

Reolink Video Doorbell Wi-Fi DB566128M5MPW stores and transmits DDNS credentials in plaintext within its configuration and update scripts, allowing attackers to intercept or extract sensitive information...

EUVD-2025-36541

Reolink Video Doorbell Wi-Fi DB566128M5MPW stores and transmits DDNS credentials in plaintext within its configuration and update scripts, allowing attackers to intercept or extract sensitive information...

CVE-2025-60858

Reolink Video Doorbell Wi-Fi DB566128M5MPW stores and transmits DDNS credentials in plaintext within its configuration and update scripts, allowing attackers to intercept or extract sensitive information...

CVE-2025-60858

Reolink Video Doorbell Wi-Fi DB566128M5MPW stores and transmits DDNS credentials in plaintext within its configuration and update scripts, allowing attackers to intercept or extract sensitive information...

Reolink Video Doorbell Wi-Fi – DB_566128M5MP_W 安全漏洞

Reolink Video Doorbell Wi-Fi - DB566128M5MPW is a visual doorbell from Reolink USA. A security vulnerability exists in Reolink Video Doorbell Wi-Fi - DB566128M5MPW, which stems from DDNS credentials being stored and transmitted in plaintext, which could lead to the disclosure of sensitive...

CVE-2025-60858

Reolink Video Doorbell Wi-Fi DB566128M5MPW stores and transmits DDNS credentials in plaintext within its configuration and update scripts, allowing attackers to intercept or extract sensitive information...

PT-2025-44192

Name of the Vulnerable Software and Affected Versions Reolink Video Doorbell Wi-Fi DB 566128M5MP W affected versions not specified Description The Reolink Video Doorbell Wi-Fi DB 566128M5MP W stores and transmits Dynamic DNS DDNS credentials in plaintext within its configuration and update script...

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

CVE-2025-56800

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...

CVE-2025-56802

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...

CVE-2025-56802

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...

CVE-2025-56800

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

CVE-2025-60856

Reolink Video Doorbell WiFi DB566128M5MPW allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary commands with root privileges. NOTE: this is disputed by the Supplier because of "certain...