Description
A vulnerability exists in the netclient and factory services of Reolink Home Hub (versions prior to v3.3.0.456_26031911) due to the possibility of brute-force cracking the credentials. This issue could allow attackers on the same local network to intercept traffic between the Hub and associated cameras and compromise the credentials of connected cameras.
Published: 2026-06-26
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability exists in Reolink Home Hub devices before firmware v3.3.0.456_26031911 that allows attackers on the same local network to brute‑force the netclient and factory service credentials, potentially intercepting traffic between the Hub and connected cameras and compromising camera credentials. This could lead to unauthorized access to camera streams and configuration, exposing sensitive video data and enabling remote control of the cameras. The weakness is due to improper comparison of unique identifiers, classified as CWE‑1391.

Affected Systems

The affected vendor/product is Reolink Home Hub, specifically any unit running firmware versions earlier than v3.3.0.456_26031911. No other vendors or product variations are listed, and the CVE impacts only the NetClient and Factory services of that hub.

Risk and Exploitability

The CVSS score of 5.8 indicates moderate severity; the EPSS score is not provided, and the vulnerability is not listed in the CISA KEV catalog. Attackers would need physical or network access to the same local network as the Hub, making the attack vector local. Because the brute‑force method can succeed over time, the risk for organizations with exposed Hubs is significant if default credentials are used, but firmware updates or strong passwords can reduce exploitability.

Generated by OpenCVE AI on June 26, 2026 at 12:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Reolink Home Hub firmware to v3.3.0.456_26031911 or later to remove the vulnerability.
  • Ensure that netclient and factory service credentials are set to strong, unique passwords and not left at factory defaults.
  • Segregate the camera network from general local Wi‑Fi SSIDs to limit local attacker reach.
  • Disable or restrict access to the netclient and factory services if they are not required by your deployment.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 12:45:00 +0000

Type | Values Removed | Values Added
Title | | Local Network Brute-Force Credential Compromise in Reolink Home Hub

Fri, 26 Jun 2026 12:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 11:00:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability exists in the netclient and factory services of Reolink Home Hub (versions prior to v3.3.0.456_26031911) due to the possibility of brute-force cracking the credentials. This issue could allow attackers on the same local network to intercept traffic between the Hub and associated cameras and compromise the credentials of connected cameras.
Weaknesses | | CWE-1391
References | |
Metrics | | cvssV4_0 {'score': 5.8, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: Nozomi

Published:

Updated: 2026-06-26T12:01:44.449Z

Reserved: 2026-06-24T13:49:50.681Z

Link: CVE-2026-57473

Vulnrichment

Updated: 2026-06-26T12:01:40.922Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-26T12:30:17Z

Weaknesses