CNNVD-202508-2723 Information

CNNVD ID

CNNVD-202508-2723

Related CVE

CVE-2025-55619

• CNNVD Published: 2025-08-22

Description (Chinese)

Reolink App是美国Reolink公司的一款手机应用。 Reolink App v4.54.0.4.20250526版本存在安全漏洞，该漏洞源于使用硬编码加密密钥和初始化向量，可能导致访问令牌和会话令牌被解密。

Description (English)

Reolink App is a mobile phone application for Reolink in the United States. There is a security loophole in version Reolink App v4.54.0.202505226, which arises from the use of hard-coded encryption keys and initialized vectors, which may lead to the decryption of access and session tokens.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

Reolink

Published

2025-08-22

Last Modified

2026-02-24

References

https://www.notion.so/Reolink-Android-App-Uses-Hardcoded-AES-Key-and-IV-for-Sensitive-Data-Decryption-21a43700364280dc95bedcf6ac1a5db0 https://nvd.nist.gov/vuln/detail/CVE-2020-25173 https://developer.android.com/reference/kotlin/androidx/security/crypto/EncryptedSharedPreferences https://cwe.mitre.org/data/definitions/329.html https://cwe.mitre.org/data/definitions/321.html https://relieved-knuckle-264.notion.site/Reolink-Android-App-Uses-Hardcoded-AES-Key-and-IV-for-Sensitive-Data-Decryption-21a43700364280dc95bedcf6ac1a5db0 https://nvd.nist.gov/vuln/detail/CVE-2025-55619

Patch

https://reolink.com/software-and-manual/