Lucene search
K

29 matches found

RedhatCVE
RedhatCVE
added 2025/10/22 12:11 a.m.10 views

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...

6.5CVSS7.3AI score0.01236EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/10/22 12:11 a.m.23 views

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

5.1CVSS6.8AI score0.00129EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/10/22 12:11 a.m.11 views

CVE-2025-56800

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...

5.1CVSS6.7AI score0.00242EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/10/22 12:11 a.m.9 views

CVE-2025-56802

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...

5.1CVSS6.4AI score0.00129EPSS
Exploits3References1
NVD
NVD
added 2025/10/21 7:21 p.m.6 views

CVE-2025-56802

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...

5.1CVSS0.00122EPSS
Exploits2References2
OSV
OSV
added 2025/10/21 7:21 p.m.3 views

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

5.1CVSS5.8AI score0.00129EPSS
Exploits2References2
NVD
NVD
added 2025/10/21 7:21 p.m.6 views

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...

6.5CVSS0.01236EPSS
Exploits2References2
OSV
OSV
added 2025/10/21 7:21 p.m.4 views

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...

6.5CVSS5.8AI score0.01236EPSS
Exploits2References2
NVD
NVD
added 2025/10/21 7:21 p.m.7 views

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

5.1CVSS0.00129EPSS
Exploits2References2
NVD
NVD
added 2025/10/21 7:21 p.m.6 views

CVE-2025-56800

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...

5.1CVSS0.00242EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2025/10/21 12:0 a.m.3 views

CVE-2025-56802

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...

6.1AI score0.00122EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/21 12:0 a.m.4 views

EUVD-2025-35229

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data...

5.1CVSS6.3AI score0.00129EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2025/10/21 12:0 a.m.3 views

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...

6.9AI score0.01236EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/21 12:0 a.m.6 views

EUVD-2025-35218

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56802...

5.1CVSS6AI score0.00122EPSS
Exploits2References2
CNNVD
CNNVD
added 2025/10/21 12:0 a.m.4 views

Reolink desktop application 安全漏洞

Reolink desktop application is a security camera monitoring software from Reolink, Inc. A security vulnerability exists in Reolink desktop application version 8.18.12, which stems from an improper implementation of the local authentication mechanism that allows an attacker to bypass authenticatio...

5.1CVSS6.6AI score0.00242EPSS
Exploits2References3
CNNVD
CNNVD
added 2025/10/21 12:0 a.m.5 views

Reolink desktop application 安全漏洞

Reolink desktop application is a security camera monitoring software from Reolink USA. A security vulnerability exists in Reolink desktop application version 8.18.12, which stems from a mishandling of specially crafted folder names by the scheduled cache cleanup mechanism, which could lead to a...

6.5CVSS7.2AI score0.01236EPSS
Exploits2References3
Cvelist
Cvelist
added 2025/10/21 12:0 a.m.19 views

CVE-2025-56800

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...

0.00242EPSS
Exploits2References2
Cvelist
Cvelist
added 2025/10/21 12:0 a.m.11 views

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

0.00129EPSS
Exploits2References2
Cvelist
Cvelist
added 2025/10/21 12:0 a.m.11 views

CVE-2025-56802

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...

0.00122EPSS
Exploits2References2
CNNVD
CNNVD
added 2025/10/21 12:0 a.m.7 views

Reolink desktop application 安全漏洞

Reolink desktop application is a security camera monitoring software from Reolink USA. A security vulnerability exists in Reolink desktop application version 8.18.12, which stems from the use of hard-coded credentials as initialization vectors in the AES-CFB encryption implementation, which could...

5.1CVSS6.4AI score0.00129EPSS
Exploits2References3
Rows per page
Query Builder