Reolink: >> Reolink Security Vulnerabilities
An intent redirection vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access internal functions or access non-public components.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-08-22
An open redirect vulnerability in Reolink v4.54.0.4.20250526 allows attackers to redirect users to a malicious site via a crafted URL.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-08-22
An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-08-22
Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking vulnerability due to inappropriate taskAffinity settings.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-08-22
An issue in the lock screen component of Reolink v4.54.0.4.20250526 allows attackers to bypass authentication via using an ADB (Android Debug Bridge).
CVSS Score
5.4
EPSS Score
0.0
Published
2025-08-22
Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-08-22
A cross-site scripting (XSS) vulnerability in the valuateJavascript() function of Reolink v4.54.0.4.20250526 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-08-22