Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering.
- https://relieved-knuckle-264.notion.site/Reolink-Android-App-Uses-Hardcoded-AES-Key-and-IV-for-Sensitive-Data-Decryption-21a43700364280dc95bedcf6ac1a5db0
- https://github.com/fkie-cad/nvd-json-data-feeds