Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

reolink

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

7
Related CVEsRelated VendorsRelated AssignersReports
7Vulnerabilities found
CVE-2025-55619
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.03% / 6.83%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 00:00
Updated-28 Aug, 2025 | 13:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-reolinkn/a
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2025-55620
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.03% / 6.46%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 00:00
Updated-28 Aug, 2025 | 13:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting (XSS) vulnerability in the valuateJavascript() function of Reolink v4.54.0.4.20250526 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-reolinkn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-55621
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 5.67%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 00:00
Updated-28 Aug, 2025 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-reolinkn/a
CWE ID-CWE-284
Improper Access Control
CVE-2025-55622
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 9.68%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 00:00
Updated-28 Aug, 2025 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking vulnerability due to inappropriate taskAffinity settings.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-reolinkn/a
CWE ID-CWE-491
Public cloneable() Method Without Final ('Object Hijack')
CVE-2025-55623
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 11.29%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 00:00
Updated-28 Aug, 2025 | 13:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the lock screen component of Reolink v4.54.0.4.20250526 allows attackers to bypass authentication via using an ADB (Android Debug Bridge).

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-reolinkn/a
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-55624
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 6.21%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 00:00
Updated-28 Aug, 2025 | 13:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An intent redirection vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access internal functions or access non-public components.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-reolinkn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-55625
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 10.06%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 00:00
Updated-28 Aug, 2025 | 13:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An open redirect vulnerability in Reolink v4.54.0.4.20250526 allows attackers to redirect users to a malicious site via a crafted URL.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-reolinkn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')