Reolink 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk memory corruption、vendor risk open redirect、vendor risk cross-site scripting, and バッファオーバーフロー があり、vendor surface production workloads の利用場面で vendor impact memory corruption、アプリケーションクラッシュ, and vendor impact session compromise などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-56802 | The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is that material is not hardcoded and is instead randomly generated on each installation of the application. | [email protected] | 5.1 | 0.11% | 2025-10-21 | 2026-06-17 |
| CVE-2025-56801 | The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector (IV) in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that material is not hardcoded and is instead randomly generated on each installation of the application. | [email protected] | 5.1 | 0.12% | 2025-10-21 | 2026-06-17 |
| CVE-2025-56800 | Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable JavaScript property(a.settingsManager.lockScreenPassword), an attacker can patch the return value to bypass authentication. NOTE: this is disputed by the Supplier because the lock-screen bypass would only o | [email protected] | 5.1 | 0.22% | 2025-10-21 | 2026-06-17 |
| CVE-2025-56799 | Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself. | [email protected] | 6.5 | 1.24% | 2025-10-21 | 2026-06-17 |
| CVE-2025-55637 | Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was discovered to contain a command injection vulnerability via the setddns_pip_system() function. | [email protected] | 9.8 | 1.70% | 2025-08-22 | 2026-06-17 |
| CVE-2025-55634 | Incorrect access control in the RTMP server settings of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 allows unauthorized attackers to cause a Denial of Service (DoS) via initiating a large number of simultaneous ffmpeg-based stream pushes. | [email protected] | 7.5 | 0.48% | 2025-08-22 | 2026-06-17 |
| CVE-2025-55630 | A discrepancy in the error message returned by the login function of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 when entering the wrong username and password allows attackers to enumerate existing accounts. | [email protected] | 7.3 | 0.25% | 2025-08-22 | 2026-06-17 |
| CVE-2025-55625 | An open redirect vulnerability in Reolink v4.54.0.4.20250526 allows attackers to redirect users to a malicious site via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior that supports redirection to Alexa URLs, which are not guaranteed to remain at the same domain indefinitely. | [email protected] | 6.3 | 0.21% | 2025-08-22 | 2026-06-17 |
| CVE-2025-55624 | An intent redirection vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access internal functions or access non-public components. | [email protected] | 5.3 | 0.31% | 2025-08-22 | 2026-06-17 |
| CVE-2025-55623 | An issue in the lock screen component of Reolink v4.54.0.4.20250526 allows attackers to bypass authentication via using an ADB (Android Debug Bridge). | [email protected] | 5.4 | 0.29% | 2025-08-22 | 2026-06-17 |
| CVE-2025-55622 | Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking vulnerability due to inappropriate taskAffinity settings. NOTE: this is disputed by the Supplier because it is intentional behavior to ensure a predictable user experience. | [email protected] | 6.5 | 0.32% | 2025-08-22 | 2026-06-17 |
| CVE-2025-55621 | An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior; the photos are part of a social platform on which users expect to find one another. | [email protected] | 6.5 | 0.22% | 2025-08-22 | 2026-06-17 |
| CVE-2025-55620 | A cross-site scripting (XSS) vulnerability in the valuateJavascript() function of Reolink v4.54.0.4.20250526 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | [email protected] | 6.1 | 0.21% | 2025-08-22 | 2026-06-17 |
| CVE-2025-55619 | Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering. | [email protected] | 9.8 | 0.38% | 2025-08-22 | 2026-06-17 |
| CVE-2021-40150 | The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. In this way an attacker can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI. | [email protected] | 7.5 | 3.36% | 2022-07-17 | 2026-06-17 |
| CVE-2021-40149 | The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI. | [email protected] | 5.9 | 5.99% | 2022-07-17 | 2026-06-17 |
| CVE-2021-44394 | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | [email protected] | 7.5 | 1.72% | 2022-04-14 | 2026-06-17 |
| CVE-2021-44375 | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | [email protected] | 7.5 | 1.72% | 2022-04-14 | 2026-06-17 |
| CVE-2021-44366 | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | [email protected] | 7.5 | 1.72% | 2022-04-14 | 2026-06-17 |
| CVE-2021-44357 | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | [email protected] | 7.5 | 1.72% | 2022-04-14 | 2026-06-17 |