CVE-2025-55619

Published: Aug 22, 2025

Modified: Aug 26, 2025

PUBLISHED

Description

Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://cwe.mitre.org/data/definitions/329.html

https://cwe.mitre.org/data/definitions/321.html

https://nvd.nist.gov/vuln/detail/CVE-2020-25173

https://developer.android.com/reference/kotlin/androidx/security/crypto/EncryptedSharedPreferences

https://www.notion.so/Reolink-Android-App-Uses-Hardcoded-AES-Key-and-IV-for-Sensitive-Data-Decryption-21a43700364280dc95bedcf6ac1a5db0

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-55619

Description

Affected Products

References