An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior; the photos are part of a social platform on which users expect to find one another.
History

Mon, 01 Sep 2025 21:30:00 +0000

Type Values Removed Values Added
Description An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior; the photos are part of a social platform on which users expect to find one another.

Thu, 28 Aug 2025 13:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:reolink:reolink:4.54.0.4.20250526:*:*:*:*:android:*:*

Sat, 23 Aug 2025 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Reolink
Reolink reolink
Vendors & Products Reolink
Reolink reolink

Fri, 22 Aug 2025 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 22 Aug 2025 17:00:00 +0000

Type Values Removed Values Added
Description An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-09-01T21:17:21.838Z

Reserved: 2025-08-13T00:00:00.000Z

Link: CVE-2025-55621

cve-icon Vulnrichment

Updated: 2025-08-22T17:51:35.740Z

cve-icon NVD

Status : Modified

Published: 2025-08-22T17:15:33.023

Modified: 2025-09-01T22:15:30.320

Link: CVE-2025-55621

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-23T11:53:09Z