Sign-up

ID

VAR-202101-0305


CVE

CVE-2020-25169


TITLE

Reolink Made P2P Cameras Multiple vulnerabilities in the series

Trust: 0.8

sources: JVNDB: JVNDB-2021-001008

DESCRIPTION

The affected Reolink P2P products do not sufficiently protect data transferred between the local device and Reolink servers. This can allow an attacker to access sensitive information, such as camera feeds. Reolink P2P Cameras The series is Reolink Network provided by IP It's a camera. The product contains the following multiple vulnerabilities. ‥ * Use of hard-coded encryption key (CWE-321) - CVE-2020-25173 ‥ * Sending important information in clear text (CWE-319) - CVE-2020-25169The expected impact depends on each vulnerability, but it may be affected as follows. ‥ * A hard-coded encryption key can be stolen by a third party who can access the local network to break into the product from outside the local network

Trust: 1.71

sources: NVD: CVE-2020-25169 // JVNDB: JVNDB-2021-001008 // VULMON: CVE-2020-25169

IOT TAXONOMY

category:['camera device']sub_category:camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:reolinkmodel:rln8-410scope:eqversion: -

Trust: 1.0

vendor:reolinkmodel:rlc-410scope:eqversion: -

Trust: 1.0

vendor:reolinkmodel:rlc-423sscope:eqversion: -

Trust: 1.0

vendor:reolinkmodel:rlc-520ascope:eqversion: -

Trust: 1.0

vendor:reolinkmodel:rlc-510ascope:eqversion: -

Trust: 1.0

vendor:reolinkmodel:rlc-422scope:eqversion: -

Trust: 1.0

vendor:reolinkmodel:rlc-423scope:eqversion: -

Trust: 1.0

vendor:reolink digitalmodel:rlc-4xx seriesscope: - version: -

Trust: 0.8

vendor:reolink digitalmodel:rlc-5xx seriesscope: - version: -

Trust: 0.8

vendor:reolink digitalmodel:rln-x10 seriesscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-001008 // NVD: CVE-2020-25169

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-25169
value: HIGH

Trust: 1.0

IPA: JVNDB-2021-001008
value: HIGH

Trust: 0.8

IPA: JVNDB-2021-001008
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202101-1619
value: HIGH

Trust: 0.6

VULMON: CVE-2020-25169
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-25169
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

nvd@nist.gov: CVE-2020-25169
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

IPA score: JVNDB-2021-001008
baseSeverity: HIGH
baseScore: 7.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA score: JVNDB-2021-001008
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-25169 // JVNDB: JVNDB-2021-001008 // JVNDB: JVNDB-2021-001008 // CNNVD: CNNVD-202101-1619 // NVD: CVE-2020-25169

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.8

problemtype:CWE-321

Trust: 0.8

sources: JVNDB: JVNDB-2021-001008 // NVD: CVE-2020-25169

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1619

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202101-1619

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2021-001008

PATCH
title:Download Centerurl:https://reolink.com/download-center/
Trust: 0.8
title:Reolink devices Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139871
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2021-001008 // 
            
            
            
            CNNVD: CNNVD-202101-1619

EXTERNAL IDS
db:NVDid:CVE-2020-25169
Trust: 2.6
db:ICS CERTid:ICSA-21-019-02
Trust: 2.5
db:JVNid:JVNVU96898747
Trust: 0.8
db:JVNDBid:JVNDB-2021-001008
Trust: 0.8
db:AUSCERTid:ESB-2021.0228
Trust: 0.6
db:CNNVDid:CNNVD-202101-1619
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
db:VULMONid:CVE-2020-25169
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULMON: CVE-2020-25169 // 
            
            
            
            JVNDB: JVNDB-2021-001008 // 
            
            
            
            CNNVD: CNNVD-202101-1619 // 
            
            
            
            NVD: CVE-2020-25169

REFERENCES
url:https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02
Trust: 2.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25169
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25173
Trust: 0.8
url:http://jvn.jp/cert/jvnvu96898747
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2021.0228/
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-25169
Trust: 0.6
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/319.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/195250
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULMON: CVE-2020-25169 // 
            
            
            
            JVNDB: JVNDB-2021-001008 // 
            
            
            
            CNNVD: CNNVD-202101-1619 // 
            
            
            
            NVD: CVE-2020-25169

SOURCES
db:OTHERid: - 
db:VULMONid:CVE-2020-25169
db:JVNDBid:JVNDB-2021-001008
db:CNNVDid:CNNVD-202101-1619
db:NVDid:CVE-2020-25169

LAST UPDATE DATE
2025-01-30T20:39:32.063000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2020-25169date:2021-02-01T00:00:00
db:JVNDBid:JVNDB-2021-001008date:2021-01-21T05:01:55
db:CNNVDid:CNNVD-202101-1619date:2021-02-09T00:00:00
db:NVDid:CVE-2020-25169date:2024-11-21T05:17:32.217

SOURCES RELEASE DATE
db:VULMONid:CVE-2020-25169date:2021-01-26T00:00:00
db:JVNDBid:JVNDB-2021-001008date:2021-01-21T05:01:55
db:CNNVDid:CNNVD-202101-1619date:2021-01-20T00:00:00
db:NVDid:CVE-2020-25169date:2021-01-26T18:15:43.037