CVE-2025-56802

MEDIUM

Reolink desktop app - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-56802. PoCs published by adminlove520, shinyColumn.

AI-analyzed exploit summary The repository contains a functional PoC for CVE-2025-56802, which exploits a hard-coded cryptographic key vulnerability in the Reolink Desktop Application (version 8.18.12). The PoC decrypts sensitive configuration files by leveraging a predictable key derivation process involving MD5 hashing and a static IV.

Description

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is that material is not hardcoded and is instead randomly generated on each installation of the application.

Exploits (2)

github WORKING POC 2 stars

by adminlove520 · pythonpoc

https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-56802

View Code ZIP pw:eip

The repository contains a functional PoC for CVE-2025-56802, which exploits a hard-coded cryptographic key vulnerability in the Reolink Desktop Application (version 8.18.12). The PoC decrypts sensitive configuration files by leveraging a predictable key derivation process involving MD5 hashing and a static IV.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Reolink Desktop Application 8.18.12

No auth needed

Prerequisites: Access to the local file system where Reolink stores configuration files · Presence of the vulnerable Reolink Desktop Application installation

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 27, 2026 Full analysis →

github WORKING POC

by shinyColumn · pythonpoc

https://github.com/shinyColumn/CVE-2025-56802

View Code ZIP pw:eip

The repository contains a functional PoC for CVE-2025-56802, demonstrating how to decrypt sensitive configuration files in the Reolink Desktop Application due to insecure AES-CFB key generation. The PoC extracts the hardcoded key and IV, decrypts the configuration file, and outputs the sensitive data.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Reolink Desktop Application 8.18.12

No auth needed

Prerequisites: Access to the local file system where Reolink Desktop Application is installed · Presence of the configuration files in %APPDATA%

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed May 17, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://github.com/shinyColumn/CVE-2025-56802

View Exploit ZIP pw:eip

Exploit, Third Party Advisory

https://shinycolumn.notion.site/reolink-aes-key

Scores

CVSS v3 5.1

EPSS 0.0011

EPSS Percentile 1.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-321

Status published

Products (1)

reolink/reolink 8.18.12

Published Oct 21, 2025

Tracked Since Feb 18, 2026