Use of Hard-coded Cryptographic Key

CVE-2025-56802

Medium

5.1/10

Summary

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is that material is not hardcoded and is instead randomly generated on each installation of the application.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: LOW

CWE-321 - Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

References

Advisory Timeline

Published Oct 21, 2025

Use of Hard-coded Cryptographic Key

CVE-2025-56802

Summary

CWE-321 - Use of Hard-coded Cryptographic Key

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS