CVE-2026-57473 | A vulnerability exists in the netclient and factory services… | CVSS 5.8 MEDIUM

Description

A vulnerability exists in the netclient and factory services of Reolink Home Hub (versions prior to v3.3.0.456_26031911) due to the possibility of brute-force cracking the credentials. This issue could allow attackers on the same local network to intercept traffic between the Hub and associated cameras and compromise the credentials of connected cameras.

Metadata

CVE ID: CVE-2026-57473
State: PUBLISHED
Assigner: Nozomi
Reserved: 2026-06-24 13:49 UTC
Published: 2026-06-26 10:47 UTC
Last updated: 2026-06-26 12:01 UTC
Primary CWE: CWE-1391
CWE-1391 Use of Weak Credentials
Vendor / Product: Reolink / Home Hub
Sources: cve.org · NVD

Severity & Metrics

5.8 MEDIUM CVSS 4.0

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Reolink	Home Hub	—	0 < 3.3.0.456_26031911

Weakness (CWE)

CWE	Source	Description
CWE-1391	cna	CWE-1391 Use of Weak Credentials

CVSS scores (1)

Score	Severity	Version	Source	Vector
5.8	MEDIUM	4.0	cna	CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

References (1)

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2026-57473