Home

Description

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself.

PUBLISHED Reserved 2025-08-17 | Published 2025-10-21 | Updated 2025-10-22 | Assigner mitre

References

shinycolumn.notion.site/reolink-command-injection

github.com/shinyColumn/CVE-2025-56799

cve.org (CVE-2025-56799)

nvd.nist.gov (CVE-2025-56799)

Download JSON