Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-55621 | 1 Reolink | 1 Reolink | 2025-09-04 | N/A | 6.5 MEDIUM |
| An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior; the photos are part of a social platform on which users expect to find one another. | |||||
| CVE-2025-55622 | 1 Reolink | 1 Reolink | 2025-09-01 | N/A | 6.5 MEDIUM |
| Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking vulnerability due to inappropriate taskAffinity settings. NOTE: this is disputed by the Supplier because it is intentional behavior to ensure a predictable user experience. | |||||
| CVE-2025-55625 | 1 Reolink | 1 Reolink | 2025-09-01 | N/A | 6.5 MEDIUM |
| An open redirect vulnerability in Reolink v4.54.0.4.20250526 allows attackers to redirect users to a malicious site via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior that supports redirection to Alexa URLs, which are not guaranteed to remain at the same domain indefinitely. | |||||
| CVE-2025-55619 | 1 Reolink | 1 Reolink | 2025-08-28 | N/A | 9.8 CRITICAL |
| Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering. | |||||
| CVE-2025-55620 | 1 Reolink | 1 Reolink | 2025-08-28 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the valuateJavascript() function of Reolink v4.54.0.4.20250526 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2025-55623 | 1 Reolink | 1 Reolink | 2025-08-28 | N/A | 5.4 MEDIUM |
| An issue in the lock screen component of Reolink v4.54.0.4.20250526 allows attackers to bypass authentication via using an ADB (Android Debug Bridge). | |||||
| CVE-2025-55624 | 1 Reolink | 1 Reolink | 2025-08-28 | N/A | 5.3 MEDIUM |
| An intent redirection vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access internal functions or access non-public components. | |||||