reolink · threatengine.sh

CVE-2025-56802

all versions

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing

5.1MEDIUM

CVE-2025-56801

all versions

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector (IV) in its AES-CFB encryption

5.1MEDIUM

CVE-2025-56800

all versions

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements loc

5.1MEDIUM

CVE-2025-56799

all versions

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a cra

6.5MEDIUM

CVE-2025-55637

all versions

Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was discovered to contain a command in

9.8CRITICAL

CVE-2025-55634

all versions

Incorrect access control in the RTMP server settings of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.

7.5HIGH

CVE-2025-55630

all versions

A discrepancy in the error message returned by the login function of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - f

7.3HIGH

CVE-2025-55625

all versions

An open redirect vulnerability in Reolink v4.54.0.4.20250526 allows attackers to redirect users to a malicious site via a crafted

6.3MEDIUM

CVE-2025-55624

all versions

An intent redirection vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access internal functions or ac

5.3MEDIUM

CVE-2025-55623

all versions

An issue in the lock screen component of Reolink v4.54.0.4.20250526 allows attackers to bypass authentication via using an ADB (An

5.4MEDIUM

CVE-2025-55622

all versions

Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking vulnerability due to inappropriate taskAffinity settings. NO

6.5MEDIUM

CVE-2025-55621

all versions

An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and

6.5MEDIUM

CVE-2025-55620

all versions

A cross-site scripting (XSS) vulnerability in the valuateJavascript() function of Reolink v4.54.0.4.20250526 allows attackers to e

6.1MEDIUM

CVE-2025-55619

all versions

Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverag

9.8CRITICAL

CVE-2021-44394

all versions

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0

7.5HIGH

CVE-2021-44375

all versions

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0

7.5HIGH

CVE-2021-44366

all versions

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0

7.5HIGH

CVE-2021-44357

all versions

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0

7.5HIGH

CVE-2021-44356

all versions

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0

7.5HIGH

CVE-2021-44355

all versions

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0

7.5HIGH

CVE-2021-44354

all versions

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0

7.5HIGH

CVE-2021-40405

all versions

A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of Reolink RLC-410W v3.0.0.136_20121102. A

6.5MEDIUM

CVE-2021-44419

all versions