Product Roadmap: What's Coming Next Learn More
How ColorX Technology Turn Night into Day Learn More
Reolink App v4.41 Released Learn More
Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.
Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).
Have the vulnerabilities discussed below been fully addressed and fixed? I realize that the UID can be disabled, but if the UID is enabled, have these underlying vulnerabilities been mitigated? Would it be possible to secure the P2P feature with additional security measures like multi-factor authentication or a user-defined verification code along with the UID to access the stream (in addition to the credentials...)? If not, is there a better way to secure this protocol aside from enabling VPN access and blocking its access to the internet? I would very much like to have the push notifications enabled, but not sacrificing privacy and security.
An attacker with local network access can obtain a fixed cryptography key which may allow for further compromise of Reolink P2P cameras outside of local network access. CVE-2020-25173 has been a*signed to this vulnerability.
The affected Reolink P2P products do not sufficiently protect data transferred between the local device and Reolink servers. This can allow an attacker to access sensitive information, such as camera feeds. CVE-2020-25169 has been a*signed to this vulnerability.
Welcome Back!
Hi there! Join the Commnunity to get all the latest news, tips and more!