Reolink Open Redirect Vulnerability in Version 4.54.0.4.20250526
Vulnerability
An open redirect vulnerability has been identified in Reolink version 4.54.0.4.20250526. It allows an attacker to send users to an arbitrary external site by supplying a crafted URL. The vulnerability arises because the application accepts user-controlled input as the redirect target and redirects to it without validating that it stays on a trusted host.
Impact
Exploitation of this vulnerability could redirect users to malicious sites, potentially harming their devices or exposing personal information. Because the link starts on a legitimate Reolink domain, the open redirect is also well suited to phishing: users believe they are on a trusted site while their credentials are collected elsewhere.
Reproduction
To reproduce this vulnerability, send a request to a Reolink application endpoint that accepts a URL parameter for redirection, with an external URL in the 'url' parameter. The application redirects the user to that URL without validating it.
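As an added illustration (not Reolink's code; the allowed hosts, handler names and parameter handling are assumptions), a redirect handler that uses the 'url' parameter unchecked, beside one that only follows same-site paths or allow-listed hosts and rejects the usual bypasses (scheme-relative, backslash, userinfo and javascript: targets):

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed for this example: hosts the (hypothetical) application may
# redirect to, and the fallback used whenever the 'url' parameter is rejected.
ALLOWED_HOSTS = {"app.example.com", "account.example.com"}
DEFAULT_TARGET = "/"


def vulnerable_location(params: dict) -> str:
    """Pattern the advisory describes: the 'url' parameter becomes the
    Location header unchanged, so any absolute URL is followed."""
    return params.get("url", DEFAULT_TARGET)


def safe_redirect_target(url: str) -> str:
    """Return 'url' only if it stays on an allowed host; else DEFAULT_TARGET."""
    if not url:
        return DEFAULT_TARGET
    # Browsers treat '\' as '/' in http(s) URLs, so '/\evil.example' would
    # become scheme-relative in the browser; normalise before parsing.
    candidate = url.strip().replace("\\", "/")
    try:
        parts = urlsplit(candidate)
    except ValueError:  # e.g. malformed IPv6 literal
        return DEFAULT_TARGET
    if parts.scheme and parts.scheme not in ("http", "https"):
        return DEFAULT_TARGET  # javascript:, data:, custom schemes
    if not parts.scheme and not parts.netloc:
        # Same-site path. '//host' already has a netloc and is handled below;
        # '////host' parses here as path '//host', which browsers again read
        # as scheme-relative, so insist on exactly one leading slash.
        if not parts.path.startswith("/") or parts.path.startswith("//"):
            return DEFAULT_TARGET
        return urlunsplit(("", "", parts.path, parts.query, ""))
    # Absolute or scheme-relative URL: .hostname drops userinfo and port, so
    # 'https://app.example.com@evil.example/' is judged by 'evil.example'.
    host = parts.hostname
    if host is None or host not in ALLOWED_HOSTS:
        return DEFAULT_TARGET
    return candidate


def hardened_location(params: dict) -> str:
    """Drop-in replacement for vulnerable_location."""
    return safe_redirect_target(params.get("url", ""))
```

A server-side check like this is the fix; on the detection side, redirect responses whose Location host differs from the request host are a cheap signal to alert on.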
