Severity by source
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Adjacent vector with high complexity for traffic interception prerequisite; no auth required; scope change to cameras with high C/I but no stated availability impact.
Primary rating from Vendor (Nozomi).
CVSS VectorVendor: Nozomi
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability exists in the netclient and factory services of Reolink Home Hub (versions prior to v3.3.0.456_26031911) due to the possibility of brute-force cracking the credentials. This issue could allow attackers on the same local network to intercept traffic between the Hub and associated cameras and compromise the credentials of connected cameras.
AnalysisAI
Credential brute-force exposure in Reolink Home Hub (versions prior to v3.3.0.456_26031911) enables adjacent-network attackers to crack authentication credentials used between the Hub and its associated cameras. The netclient and factory services transmit or store credentials in a manner susceptible to brute-force attack, allowing an adversary on the same local network to intercept Hub-to-camera traffic and recover camera credentials. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to be on the same local network segment (Wi-Fi or LAN) as the Reolink Home Hub - remote internet-based exploitation is not possible given AV:A. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Real-world risk is moderate but context-dependent. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker connected to the same Wi-Fi network as the Reolink Home Hub - such as a guest network participant or a compromised device on the LAN - passively captures traffic between the Hub and its cameras using standard packet capture tools. The attacker extracts credential material from the netclient or factory service communications and applies offline brute-force techniques to recover plaintext camera credentials. … |
| Remediation | The confirmed fix is upgrading Reolink Home Hub firmware to v3.3.0.456_26031911 or later, which addresses the weak credential handling in the netclient and factory services. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-1391 – Use of Weak Credentials
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39646
GHSA-xmw8-pxhc-cq64