Talos Vulnerability Report


Reolink RLC-410W hardcoded TLS key information disclosure vulnerability

January 26, 2022
CVE Number



An information disclosure vulnerability exists due to the hardcoded TLS key of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

Tested Versions

Reolink RLC-410W v3.0.0.136_20121102

Product URLs

RLC-410W - https://reolink.com/us/product/rlc-410w/

CVSSv3 Score

7.5 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H


CWE-321 - Use of Hard-coded Cryptographic Key


The Reolink RLC-410W is a WiFi security camera. The camera includes motion detection functionalities and various methods to save the recordings.

The RLC-410W ships with an hardcoded TLS key. Following the relevant part of the nginx configuration used by the camera:

        ssl on;
        ssl_protocols     TLSv1.2;                                                                      [1]
        ssl_certificate /mnt/app/www/self.crt;
        ssl_certificate_key /mnt/app/www/self.key;                                                      [2]

At [2] the location of TLS private key is specified. This key is hardcoded in the firmware. At [1] is possible to see that TLSv1.2 is used.

An attacker can impersonate any camera using the hardcoded TLS private key. Since TLS v1.2 is used in some specific context, an attacker could use the TLS private key to decrypt the HTTPS conversation established with the camera, allowing him to successfully perform a MITM attacks. This enables the attacker to stole the authentication tokens of a logged users, potentially, allowing the attacker to act with admin privileges.


2022-01-14 - Vendor Disclosure
2022-01-19 - Vendor Patched

2022-01-26 - Public Release


Discovered by Francesco Benvenuto of Cisco Talos.