Reolink desktop application 8.18.12 contains a...
Moderate severity
Unreviewed
Published
Oct 21, 2025
to the GitHub Advisory Database
•
Updated Oct 21, 2025
Description
Published by the National Vulnerability Database
Oct 21, 2025
Published to the GitHub Advisory Database
Oct 21, 2025
Last updated
Oct 21, 2025
Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable JavaScript property(a.settingsManager.lockScreenPassword), an attacker can patch the return value to bypass authentication.
References