Multiple vulnerabilities in Reolink P2P Cameras

Published: 2021-01-20

Risk	Medium
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2020-25173 CVE-2020-25169
CWE-ID	CWE-321 CWE-319
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	P2P protocol Server applications / Other server solutions
Vendor	Reolink

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Use of Hard-coded Cryptographic Key

EUVDB-ID: #VU49880

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25173

CWE-ID: CWE-321 - Use of Hard-coded Cryptographic Key

Exploit availability: No

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to presence of a hard-coded cryptographic key. A local attacker can obtain a fixed cryptography key and compromise the Reolink P2P cameras outside of local network access.

This vulnerability affects the following Reolink devices using P2P:

RLC-4XX series
RLC-5XX series
RLN-X10 series

Mitigation

Install updates from vendor's website.

Vulnerable software versions

P2P protocol: All versions

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-019-02

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Cleartext transmission of sensitive information

EUVDB-ID: #VU49881

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25169

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information