5.1

CVE-2025-56800

Exploit

EPSS 0.05%
Veröffentlicht 21.10.2025 00:00:00
Zuletzt bearbeitet 17.11.2025 12:46:26
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable JavaScript property(a.settingsManager.lockScreenPassword), an attacker can patch the return value to bypass authentication. NOTE: this is disputed by the Supplier because the lock-screen bypass would only occur if the local user modified his own instance of the application.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Reolink ≫ Reolink Version8.18.12 SwEditiondesktop

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.157

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.1	2.5	2.5	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

https://shinycolumn.notion.site/reolink-auth-bypass

Third Party Advisory

Exploit

https://github.com/shinyColumn/CVE-2025-56800

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-56800

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-56800

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-56800

EUVD