CVE-2025-55619

Exploit

EPSS 0.09%
Veröffentlicht 22.08.2025 00:00:00
Zuletzt bearbeitet 28.08.2025 13:34:45
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Reolink ≫ Reolink Version4.54.0.4.20250526 SwPlatformandroid

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.262

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-321 Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

https://cwe.mitre.org/data/definitions/321.html

Product

https://cwe.mitre.org/data/definitions/329.html

Product

https://nvd.nist.gov/vuln/detail/CVE-2020-25173

Not Applicable

https://developer.android.com/reference/kotlin/androidx/security/crypto/EncryptedSharedPreferences

Third Party Advisory

https://www.notion.so/Reolink-Android-App-Uses-Hardcoded-AES-Key-and-IV-for-Sensitive-Data-Decryption-21a43700364280dc95bedcf6ac1a5db0

Third Party Advisory

Exploit

https://relieved-knuckle-264.notion.site/Reolink-Android-App-Uses-Hardcoded-AES-Key-and-IV-for-Sensitive-Data-Decryption-21a43700364280dc95bedcf6ac1a5db0

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-55619

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-55619

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-55619

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-55619