
29 matches found

RedhatCVE
added 2025/10/22 12:11 a.m. | 22 views

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

CVSS 5.1 | AI score 6.8 | EPSS 0.00129
Exploits: 2 | References: 1
RedhatCVE
added 2025/10/22 12:11 a.m. | 7 views

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...

CVSS 6.5 | AI score 7.3 | EPSS 0.01236
Exploits: 2 | References: 1
RedhatCVE
added 2025/10/22 12:11 a.m. | 9 views

CVE-2025-56800

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...

CVSS 5.1 | AI score 6.7 | EPSS 0.00242
Exploits: 2 | References: 1
RedhatCVE
added 2025/10/22 12:11 a.m. | 7 views

CVE-2025-56802

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...

CVSS 5.1 | AI score 6.4 | EPSS 0.00129
Exploits: 3 | References: 1
NVD
added 2025/10/21 7:21 p.m. | 4 views

CVE-2025-56802

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...

CVSS 5.1 | EPSS 0.00122
Exploits: 2 | References: 2
OSV
added 2025/10/21 7:21 p.m. | 4 views

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...

CVSS 6.5 | AI score 5.8 | EPSS 0.01236
Exploits: 2 | References: 2
NVD
added 2025/10/21 7:21 p.m. | 5 views

CVE-2025-56800

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...

CVSS 5.1 | EPSS 0.00242
Exploits: 2 | References: 2
OSV
added 2025/10/21 7:21 p.m. | 3 views

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

CVSS 5.1 | AI score 5.8 | EPSS 0.00129
Exploits: 2 | References: 2
NVD
added 2025/10/21 7:21 p.m. | 5 views

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

CVSS 5.1 | EPSS 0.00129
Exploits: 2 | References: 2
NVD
added 2025/10/21 7:21 p.m. | 5 views

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...

CVSS 6.5 | EPSS 0.01236
Exploits: 2 | References: 2
CVE
added 2025/10/21 12:0 a.m. | 10 views

CVE-2025-56802

The connected Red Hat and NVD entries confirm CVE-2025-56802 affects the Reolink desktop application and centers on a hard-coded and predictable AES encryption key used to encrypt user configuration files. This allows attackers with local access to decrypt sensitive data stored in %APPDATA%. The ...

CVSS 5.1 | AI score 6.1 | EPSS 0.00122
Exploits: 2 | References: 2 | Affected Software: 1
Cvelist
added 2025/10/21 12:0 a.m. | 9 views

CVE-2025-56802

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...

EPSS 0.00122
Exploits: 2 | References: 2
CNNVD
added 2025/10/21 12:0 a.m. | 3 views

Reolink desktop application security vulnerability

Reolink desktop application is a security camera monitoring software from Reolink USA. A security vulnerability exists in Reolink desktop application version 8.18.12, which stems from a mishandling of specially crafted folder names by the scheduled cache cleanup mechanism, which could lead to a...

CVSS 6.5 | AI score 7.2 | EPSS 0.01236
Exploits: 2 | References: 3
Vulnrichment
added 2025/10/21 12:0 a.m. | 3 views

CVE-2025-56802

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...

AI score 6.1 | EPSS 0.00122
Exploits: 2 | References: 2
CNNVD
added 2025/10/21 12:0 a.m. | 3 views

Reolink desktop application security vulnerability

Reolink desktop application is a security camera monitoring software from Reolink USA. A security vulnerability exists in Reolink desktop application version 8.18.12, which stems from the use of hard-coded credentials as initialization vectors in the AES-CFB encryption implementation, which could...

CVSS 5.1 | AI score 6.4 | EPSS 0.00129
Exploits: 2 | References: 3
Vulnrichment
added 2025/10/21 12:0 a.m. | 10 views

CVE-2025-56800

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...

AI score 6.3 | EPSS 0.00242
Exploits: 2 | References: 2
Vulnrichment
added 2025/10/21 12:0 a.m. | 3 views

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...

AI score 6.9 | EPSS 0.01236
Exploits: 2 | References: 2
EUVD
added 2025/10/21 12:0 a.m. | 6 views

EUVD-2025-35218

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56802...

CVSS 5.1 | AI score 6 | EPSS 0.00122
Exploits: 2 | References: 2
CNNVD
added 2025/10/21 12:0 a.m. | 4 views

Reolink desktop application security vulnerability

Reolink desktop application is a security camera monitoring software from Reolink, Inc. A security vulnerability exists in Reolink desktop application version 8.18.12, which stems from an improper implementation of the local authentication mechanism that allows an attacker to bypass authenticatio...

CVSS 5.1 | AI score 6.6 | EPSS 0.00242
Exploits: 2 | References: 3
CVE
added 2025/10/21 12:0 a.m. | 38 views

CVE-2025-56800

The vulnerability CVE-2025-56800 affects Reolink Desktop Application version 8.18.12. Local authentication can be bypassed because lock screen logic runs in client-side JavaScript within the Electron bundle, exposing the password via a.settingsManager.lockScreenPassword. An attacker with local ac...

CVSS 5.1 | AI score 6.3 | EPSS 0.00242
Exploits: 2 | References: 2 | Affected Software: 1