Search criteria
6 vulnerabilities found for rln8-410_firmware by reolink
FKIE_CVE-2020-25169
Vulnerability from fkie_nvd - Published: 2021-01-26 18:15 - Updated: 2024-11-21 05:17
Severity ?
Summary
The affected Reolink P2P products do not sufficiently protect data transferred between the local device and Reolink servers. This can allow an attacker to access sensitive information, such as camera feeds.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| reolink | rln8-410_firmware | - | |
| reolink | rln8-410 | - | |
| reolink | rlc-422_firmware | - | |
| reolink | rlc-422 | - | |
| reolink | rlc-510a_firmware | - | |
| reolink | rlc-510a | - | |
| reolink | rlc-410_firmware | - | |
| reolink | rlc-410 | - | |
| reolink | rlc-423s_firmware | - | |
| reolink | rlc-423s | - | |
| reolink | rlc-423_firmware | - | |
| reolink | rlc-423 | - | |
| reolink | rlc-520a_firmware | - | |
| reolink | rlc-520a | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:reolink:rln8-410_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA97CBF4-7E5C-4DF4-99C7-244BC3CC77DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:reolink:rln8-410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE63907-9A5E-46D2-BCE3-41B2B1FD22F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:reolink:rlc-422_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE43C3EF-3920-49B9-BB6B-9EA03DDFB954",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:reolink:rlc-422:-:*:*:*:*:*:*:*",
"matchCriteriaId": "097FC838-6BEB-4A6E-9ADA-B49F6D926561",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:reolink:rlc-510a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C4A48F1-AD16-4499-8D9B-28086287608D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:reolink:rlc-510a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03EA9726-66B7-4B33-A8F3-3421F762CF08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:reolink:rlc-410_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03CB154B-7116-45B8-875A-CC25991DB230",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:reolink:rlc-410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C158CF9-2697-40AF-9828-C64F3654B097",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:reolink:rlc-423s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5593386-2933-4692-89C3-F663C83344A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:reolink:rlc-423s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9DFB155-051D-4EBD-8627-932C81A5027C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:reolink:rlc-423_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "940DC985-48CA-46E7-8AB0-713688D2CFA6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:reolink:rlc-423:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E37962D1-C747-4D28-897A-E41A841DE61D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:reolink:rlc-520a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE181027-4C23-4F48-A8A6-96C23382CD99",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:reolink:rlc-520a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "242B396F-15EF-4A4C-AC20-AA7366E0892F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The affected Reolink P2P products do not sufficiently protect data transferred between the local device and Reolink servers. This can allow an attacker to access sensitive information, such as camera feeds."
},
{
"lang": "es",
"value": "Los productos P2P de Reolink afectados no protegen suficientemente los datos transferidos entre el dispositivo local y los servidores de Reolink.\u0026#xa0;Esto puede permitir a un atacante acceder a informaci\u00f3n confidencial, tales como im\u00e1genes de c\u00e1maras"
}
],
"id": "CVE-2020-25169",
"lastModified": "2024-11-21T05:17:32.217",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-26T18:15:43.037",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-25173
Vulnerability from fkie_nvd - Published: 2021-01-26 18:15 - Updated: 2024-11-21 05:17
Severity ?
Summary
An attacker with local network access can obtain a fixed cryptography key which may allow for further compromise of Reolink P2P cameras outside of local network access
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| reolink | rln8-410_firmware | - | |
| reolink | rln8-410 | - | |
| reolink | rlc-422_firmware | - | |
| reolink | rlc-422 | - | |
| reolink | rlc-510a_firmware | - | |
| reolink | rlc-510a | - | |
| reolink | rlc-423s_firmware | - | |
| reolink | rlc-423s | - | |
| reolink | rlc-423_firmware | - | |
| reolink | rlc-423 | - | |
| reolink | rlc-410_firmware | - | |
| reolink | rlc-410 | - | |
| reolink | rlc-520a_firmware | - | |
| reolink | rlc-520a | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:reolink:rln8-410_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA97CBF4-7E5C-4DF4-99C7-244BC3CC77DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:reolink:rln8-410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE63907-9A5E-46D2-BCE3-41B2B1FD22F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:reolink:rlc-422_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE43C3EF-3920-49B9-BB6B-9EA03DDFB954",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:reolink:rlc-422:-:*:*:*:*:*:*:*",
"matchCriteriaId": "097FC838-6BEB-4A6E-9ADA-B49F6D926561",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:reolink:rlc-510a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C4A48F1-AD16-4499-8D9B-28086287608D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:reolink:rlc-510a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03EA9726-66B7-4B33-A8F3-3421F762CF08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:reolink:rlc-423s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5593386-2933-4692-89C3-F663C83344A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:reolink:rlc-423s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9DFB155-051D-4EBD-8627-932C81A5027C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:reolink:rlc-423_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "940DC985-48CA-46E7-8AB0-713688D2CFA6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:reolink:rlc-423:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E37962D1-C747-4D28-897A-E41A841DE61D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:reolink:rlc-410_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03CB154B-7116-45B8-875A-CC25991DB230",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:reolink:rlc-410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C158CF9-2697-40AF-9828-C64F3654B097",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:reolink:rlc-520a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE181027-4C23-4F48-A8A6-96C23382CD99",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:reolink:rlc-520a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "242B396F-15EF-4A4C-AC20-AA7366E0892F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker with local network access can obtain a fixed cryptography key which may allow for further compromise of Reolink P2P cameras outside of local network access"
},
{
"lang": "es",
"value": "Un atacante con acceso a la red local puede obtener una clave de criptograf\u00eda fija que puede permitir un mayor compromiso de las c\u00e1maras P2P Reolink fuera del acceso a la red local"
}
],
"id": "CVE-2020-25173",
"lastModified": "2024-11-21T05:17:33.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-26T18:15:43.130",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-321"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-25169 (GCVE-0-2020-25169)
Vulnerability from cvelistv5 – Published: 2021-01-26 12:46 – Updated: 2024-09-16 22:15
VLAI?
Summary
The affected Reolink P2P products do not sufficiently protect data transferred between the local device and Reolink servers. This can allow an attacker to access sensitive information, such as camera feeds.
Severity ?
No CVSS data available.
CWE
- CWE-319 - CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Reolink | RLC-4XX series |
Affected:
All versions
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RLC-4XX series",
"vendor": "Reolink",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "RLC-5XX series",
"vendor": "Reolink",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "RLN-X10 series",
"vendor": "Reolink",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"datePublic": "2021-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The affected Reolink P2P products do not sufficiently protect data transferred between the local device and Reolink servers. This can allow an attacker to access sensitive information, such as camera feeds."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-26T12:46:09",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02"
}
],
"source": {
"advisory": "ICSA-21-019-02",
"discovery": "UNKNOWN"
},
"title": "Reolink P2P Cameras",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-01-20T05:00:00.000Z",
"ID": "CVE-2020-25169",
"STATE": "PUBLIC",
"TITLE": "Reolink P2P Cameras"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RLC-4XX series",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "RLC-5XX series",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "RLN-X10 series",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Reolink"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected Reolink P2P products do not sufficiently protect data transferred between the local device and Reolink servers. This can allow an attacker to access sensitive information, such as camera feeds."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02"
}
]
},
"source": {
"advisory": "ICSA-21-019-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-25169",
"datePublished": "2021-01-26T12:46:09.208478Z",
"dateReserved": "2020-09-04T00:00:00",
"dateUpdated": "2024-09-16T22:15:58.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25173 (GCVE-0-2020-25173)
Vulnerability from cvelistv5 – Published: 2021-01-26 12:45 – Updated: 2024-09-16 20:47
VLAI?
Summary
An attacker with local network access can obtain a fixed cryptography key which may allow for further compromise of Reolink P2P cameras outside of local network access
Severity ?
No CVSS data available.
CWE
- CWE-321 - USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Reolink | RLC-4XX series |
Affected:
All versions
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RLC-4XX series",
"vendor": "Reolink",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "RLC-5XX series",
"vendor": "Reolink",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "RLN-X10 series",
"vendor": "Reolink",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"datePublic": "2021-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An attacker with local network access can obtain a fixed cryptography key which may allow for further compromise of Reolink P2P cameras outside of local network access"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-26T12:45:53",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02"
}
],
"source": {
"advisory": "ICSA-21-019-02",
"discovery": "UNKNOWN"
},
"title": "Reolink P2P Cameras",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-01-20T05:00:00.000Z",
"ID": "CVE-2020-25173",
"STATE": "PUBLIC",
"TITLE": "Reolink P2P Cameras"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RLC-4XX series",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "RLC-5XX series",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "RLN-X10 series",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Reolink"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker with local network access can obtain a fixed cryptography key which may allow for further compromise of Reolink P2P cameras outside of local network access"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02"
}
]
},
"source": {
"advisory": "ICSA-21-019-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-25173",
"datePublished": "2021-01-26T12:45:53.081700Z",
"dateReserved": "2020-09-04T00:00:00",
"dateUpdated": "2024-09-16T20:47:12.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25169 (GCVE-0-2020-25169)
Vulnerability from nvd – Published: 2021-01-26 12:46 – Updated: 2024-09-16 22:15
VLAI?
Summary
The affected Reolink P2P products do not sufficiently protect data transferred between the local device and Reolink servers. This can allow an attacker to access sensitive information, such as camera feeds.
Severity ?
No CVSS data available.
CWE
- CWE-319 - CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Reolink | RLC-4XX series |
Affected:
All versions
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RLC-4XX series",
"vendor": "Reolink",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "RLC-5XX series",
"vendor": "Reolink",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "RLN-X10 series",
"vendor": "Reolink",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"datePublic": "2021-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The affected Reolink P2P products do not sufficiently protect data transferred between the local device and Reolink servers. This can allow an attacker to access sensitive information, such as camera feeds."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-26T12:46:09",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02"
}
],
"source": {
"advisory": "ICSA-21-019-02",
"discovery": "UNKNOWN"
},
"title": "Reolink P2P Cameras",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-01-20T05:00:00.000Z",
"ID": "CVE-2020-25169",
"STATE": "PUBLIC",
"TITLE": "Reolink P2P Cameras"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RLC-4XX series",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "RLC-5XX series",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "RLN-X10 series",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Reolink"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected Reolink P2P products do not sufficiently protect data transferred between the local device and Reolink servers. This can allow an attacker to access sensitive information, such as camera feeds."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02"
}
]
},
"source": {
"advisory": "ICSA-21-019-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-25169",
"datePublished": "2021-01-26T12:46:09.208478Z",
"dateReserved": "2020-09-04T00:00:00",
"dateUpdated": "2024-09-16T22:15:58.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25173 (GCVE-0-2020-25173)
Vulnerability from nvd – Published: 2021-01-26 12:45 – Updated: 2024-09-16 20:47
VLAI?
Summary
An attacker with local network access can obtain a fixed cryptography key which may allow for further compromise of Reolink P2P cameras outside of local network access
Severity ?
No CVSS data available.
CWE
- CWE-321 - USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Reolink | RLC-4XX series |
Affected:
All versions
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RLC-4XX series",
"vendor": "Reolink",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "RLC-5XX series",
"vendor": "Reolink",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "RLN-X10 series",
"vendor": "Reolink",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"datePublic": "2021-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An attacker with local network access can obtain a fixed cryptography key which may allow for further compromise of Reolink P2P cameras outside of local network access"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-26T12:45:53",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02"
}
],
"source": {
"advisory": "ICSA-21-019-02",
"discovery": "UNKNOWN"
},
"title": "Reolink P2P Cameras",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-01-20T05:00:00.000Z",
"ID": "CVE-2020-25173",
"STATE": "PUBLIC",
"TITLE": "Reolink P2P Cameras"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RLC-4XX series",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "RLC-5XX series",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "RLN-X10 series",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Reolink"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker with local network access can obtain a fixed cryptography key which may allow for further compromise of Reolink P2P cameras outside of local network access"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02"
}
]
},
"source": {
"advisory": "ICSA-21-019-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-25173",
"datePublished": "2021-01-26T12:45:53.081700Z",
"dateReserved": "2020-09-04T00:00:00",
"dateUpdated": "2024-09-16T20:47:12.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}