cpe:2.3:a:reolink:reolink:4.54.0.4.20250526:*:*:*:*:android:*:*
part: a version: 4.54.0.4.20250526 update: *
| Vendor | Reolink (b49896ec-72c3-57ee-8581-bf98824c2ad2) |
|---|---|
| Product | Reolink (5125e21f-16ec-53d1-a12e-54ca58846e0e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | android |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-55625 | vulnerable | 2026-06-03 15:04:58.835875 | An open redirect vulnerability in Reolink v4.54.0.4.20250526 allows attackers to redirect users to a malicious site via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior that supports redirection to Alexa URLs, which are not guaranteed to remain at the same domain indefinitely. Published: 2025-08-22T00:00:00.000Z; Updated: 2025-09-11T15:20:15.654Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-55624 | vulnerable | 2026-06-03 15:04:58.835526 | An intent redirection vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access internal functions or access non-public components. Published: 2025-08-22T00:00:00.000Z; Updated: 2025-08-22T19:58:53.291Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-55623 | vulnerable | 2026-06-03 15:04:58.835282 | An issue in the lock screen component of Reolink v4.54.0.4.20250526 allows attackers to bypass authentication via using an ADB (Android Debug Bridge). Published: 2025-08-22T00:00:00.000Z; Updated: 2025-08-22T17:55:24.217Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-55622 | vulnerable | 2026-06-03 15:04:58.834907 | Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking vulnerability due to inappropriate taskAffinity settings. NOTE: this is disputed by the Supplier because it is intentional behavior to ensure a predictable user experience. Published: 2025-08-22T00:00:00.000Z; Updated: 2025-09-01T21:12:54.133Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-55621 | vulnerable | 2026-06-03 15:04:58.834447 | An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior; the photos are part of a social platform on which users expect to find one another. Published: 2025-08-22T00:00:00.000Z; Updated: 2025-09-04T14:37:30.597Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-55620 | vulnerable | 2026-06-03 15:04:58.834162 | A cross-site scripting (XSS) vulnerability in the valuateJavascript() function of Reolink v4.54.0.4.20250526 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Published: 2025-08-22T00:00:00.000Z; Updated: 2025-08-22T17:46:57.559Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-55619 | vulnerable | 2026-06-03 15:04:58.833675 | Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering. Published: 2025-08-22T00:00:00.000Z; Updated: 2025-08-26T14:07:44.597Z | Imported from gcve-enriched-dumps CVE data |