CVE-2025-56802

MEDIUM

Reolink desktop app - Info Disclosure

Title source: llm

Description

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is that material is not hardcoded and is instead randomly generated on each installation of the application.

Exploits (1)

github WORKING POC 2 stars

by adminlove520 · pythonpoc

https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-56802

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://github.com/shinyColumn/CVE-2025-56802

View Exploit ZIP pw:eip

[Exploit, Third Party Advisory] https://shinycolumn.notion.site/reolink-aes-key

Scores

CVSS v3 5.1

EPSS 0.0003

EPSS Percentile 7.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Details

CWE

CWE-321

Status published

Products (1)

reolink/reolink 8.18.12

Published Oct 21, 2025

Tracked Since Feb 18, 2026