CVE-2025-55619
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-22
Last updated on: 2025-08-28
Assigner: MITRE
Description
Description
Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| reolink | reolink | 4.54.0.4.20250526 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-321 | The product uses a hard-coded, unchangeable cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Reolink v4.54.0.4.20250526 involves a hardcoded encryption key and initialization vector within the app. An attacker can exploit this by reverse engineering the app to decrypt access tokens and web session tokens stored inside it.
How can this vulnerability impact me? :
The vulnerability allows an attacker to decrypt sensitive tokens such as access tokens and web session tokens, potentially leading to unauthorized access to user accounts or sessions.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70