Description

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable JavaScript property(a.settingsManager.lockScreenPassword), an attacker can patch the return value to bypass authentication. NOTE: this is disputed by the Supplier because the lock-screen bypass would only occur if the local user modified his own instance of the application.

INFO

Published Date :

2025-10-21T00:00:00.000Z

Last Modified :

2025-10-22T13:17:28.063Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-56800 vulnerability.

Vendors Products
Reolink
  • Reolink
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-56800.

URL Resource
https://github.com/shinyColumn/CVE-2025-56800 cve-icon cve-icon
https://shinycolumn.notion.site/reolink-auth-bypass cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact