Reolink Insecure Direct Object Reference Vulnerability Allowing Unauthorized Access to Profile Photos

Vulnerability

A vulnerability allowing Insecure Direct Object Reference (IDOR) has been identified in Reolink version 4.54.0.4.20250526. This vulnerability enables unauthorized attackers to access and download profile photos of other users by exploiting a crafted URL.

Impact

Exploitation of this vulnerability allows unauthorized access to and downloading of users' profile photos.

Added: Aug 22, 2025, 5:45 PM

Updated: Aug 22, 2025, 6:42 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.2

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.2

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Reolink Insecure Direct Object Reference Vulnerability Allowing Unauthorized Access to Profile Photos

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating