Lucene search
+L

29 matches found

redhatcve
redhatcve
added 2025/10/22 12:11 a.m.10 views

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...

6.5CVSS7.3AI score0.01236EPSS
Exploits2References1
redhatcve
redhatcve
added 2025/10/22 12:11 a.m.9 views

CVE-2025-56802

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...

5.1CVSS6.4AI score0.00129EPSS
Exploits3References1
redhatcve
redhatcve
added 2025/10/22 12:11 a.m.23 views

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

5.1CVSS6.8AI score0.00129EPSS
Exploits2References1
redhatcve
redhatcve
added 2025/10/22 12:11 a.m.11 views

CVE-2025-56800

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...

5.1CVSS6.7AI score0.00242EPSS
Exploits2References1
nvd
nvd
added 2025/10/21 7:21 p.m.7 views

CVE-2025-56802

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...

5.1CVSS0.00122EPSS
Exploits2References2
osv
osv
added 2025/10/21 7:21 p.m.3 views

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

5.1CVSS5.8AI score0.00129EPSS
Exploits2References2
nvd
nvd
added 2025/10/21 7:21 p.m.6 views

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...

6.5CVSS0.01236EPSS
Exploits2References2
nvd
nvd
added 2025/10/21 7:21 p.m.6 views

CVE-2025-56800

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...

5.1CVSS0.00242EPSS
Exploits2References2
osv
osv
added 2025/10/21 7:21 p.m.4 views

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...

6.5CVSS5.8AI score0.01236EPSS
Exploits2References2
nvd
nvd
added 2025/10/21 7:21 p.m.7 views

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

5.1CVSS0.00129EPSS
Exploits2References2
vulnrichment
vulnrichment
added 2025/10/21 12:0 a.m.3 views

CVE-2025-56802

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...

6.1AI score0.00122EPSS
Exploits2References2
vulnrichment
vulnrichment
added 2025/10/21 12:0 a.m.11 views

CVE-2025-56800

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...

6.3AI score0.00242EPSS
Exploits2References2
cve
cve
added 2025/10/21 12:0 a.m.16 views

CVE-2025-56802

The connected Red Hat and NVD entries confirm CVE-2025-56802 affects the Reolink desktop application and centers on a hard-coded and predictable AES encryption key used to encrypt user configuration files. This allows attackers with local access to decrypt sensitive data stored in %APPDATA%. The ...

5.1CVSS6.1AI score0.00122EPSS
Exploits2References2Affected Software1
euvd
euvd
added 2025/10/21 12:0 a.m.6 views

EUVD-2025-35237

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name...

6.5CVSS7AI score0.01236EPSS
Exploits2References2
vulnrichment
vulnrichment
added 2025/10/21 12:0 a.m.3 views

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...

6.9AI score0.01236EPSS
Exploits2References2
euvd
euvd
added 2025/10/21 12:0 a.m.6 views

EUVD-2025-35218

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56802...

5.1CVSS6AI score0.00122EPSS
Exploits2References2
cvelist
cvelist
added 2025/10/21 12:0 a.m.13 views

CVE-2025-56802

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...

0.00122EPSS
Exploits2References2
cvelist
cvelist
added 2025/10/21 12:0 a.m.21 views

CVE-2025-56800

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...

0.00242EPSS
Exploits2References2
cvelist
cvelist
added 2025/10/21 12:0 a.m.13 views

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

0.00129EPSS
Exploits2References2
cve
cve
added 2025/10/21 12:0 a.m.42 views

CVE-2025-56800

The vulnerability CVE-2025-56800 affects Reolink Desktop Application version 8.18.12. Local authentication can be bypassed because lock screen logic runs in client-side JavaScript within the Electron bundle, exposing the password via a.settingsManager.lockScreenPassword. An attacker with local ac...

5.1CVSS6.3AI score0.00242EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder