Home Hub
Monthly
Credential brute-force exposure in Reolink Home Hub (versions prior to v3.3.0.456_26031911) enables adjacent-network attackers to crack authentication credentials used between the Hub and its associated cameras. The netclient and factory services transmit or store credentials in a manner susceptible to brute-force attack, allowing an adversary on the same local network to intercept Hub-to-camera traffic and recover camera credentials. No public exploit or CISA KEV listing is present at time of analysis; however, the CVSS 4.0 subsequent-system impact is rated High across confidentiality, integrity, and availability, reflecting full camera compromise potential once credentials are cracked.
Credential brute-force exposure in Reolink Home Hub (versions prior to v3.3.0.456_26031911) enables adjacent-network attackers to crack authentication credentials used between the Hub and its associated cameras. The netclient and factory services transmit or store credentials in a manner susceptible to brute-force attack, allowing an adversary on the same local network to intercept Hub-to-camera traffic and recover camera credentials. No public exploit or CISA KEV listing is present at time of analysis; however, the CVSS 4.0 subsequent-system impact is rated High across confidentiality, integrity, and availability, reflecting full camera compromise potential once credentials are cracked.