CVE-2025-56801

MEDIUM

Reolink Desktop App 8.18.12 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-56801. PoCs published by adminlove520.

AI-analyzed exploit summary The repository provides a detailed technical analysis of CVE-2025-56801, a vulnerability in the Reolink Desktop Application (version 8.18.12) where the AES-CFB IV is effectively hardcoded, leading to weak encryption. The writeup includes code snippets, PoC steps, and cryptographic analysis.

Description

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector (IV) in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that material is not hardcoded and is instead randomly generated on each installation of the application.

Exploits (1)

github WRITEUP 2 stars
by adminlove520 · pythonpoc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-56801

The repository provides a detailed technical analysis of CVE-2025-56801, a vulnerability in the Reolink Desktop Application (version 8.18.12) where the AES-CFB IV is effectively hardcoded, leading to weak encryption. The writeup includes code snippets, PoC steps, and cryptographic analysis.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Reolink Desktop Application 8.18.12
No auth needed
Prerequisites: Access to the application's DevTools console
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 5.1
EPSS 0.0012
EPSS Percentile 2.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-321
Status published
Products (1)
reolink/reolink 8.18.12
Published Oct 21, 2025
Tracked Since Feb 18, 2026