Token max DoS

1. Reporting Information
Team name: Team Brrester

2. Overview of Vulnerabilities
Vulnerability Title: System-wide Login Denial Due to Session Resource Exhaustion (DoS)
Date of Discovery: 2025.07.05
Discovery Location (URL or System Path): Reolink Firmware Web ( → )
Vulnerability Type (CWE ID):
- CWE-400: Uncontrolled Resource Consumption
Vulnerability Description: The system manages user sessions system-wide rather than on an account-by-account basis, and refuses logins for all accounts once the session count is exceeded. This can result in a global denial of service (DoS) with nothing more than simple repeated requests, without the need to bypass authentication.

3. Details
Impacted Products/Services: Reolink Firmware Web
Product Version: firmware v3.0.0.4662_2503122283
Vulnerable Components: Authentication/Session Management Logic
Attack Vector: The code above is the code that receives the input value. At this point, you can see some of the following code:
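
Added example, not the firmware code the report refers to and not part of the original report: a small Python model of the session accounting described in the Vulnerability Description, with the system-wide cap beside a per-account cap that evicts only the same account's oldest session. The class names, the limits (8 and 2) and the account names are assumptions made for illustration; the report does not state the firmware's real values.

```python
import secrets
from collections import OrderedDict

MAX_SESSIONS = 8  # assumed limit; the report does not give the firmware's value


class GlobalPoolSessions:
    """Weak policy from the report: one system-wide cap, logins refused when full."""

    def __init__(self, limit=MAX_SESSIONS):
        self.limit = limit
        self.sessions = {}  # token -> account

    def login(self, account):
        if len(self.sessions) >= self.limit:
            return None  # refused for every account, not only the noisy one
        token = secrets.token_hex(16)
        self.sessions[token] = account
        return token


class PerAccountSessions:
    """Hardened policy: cap per account, evict that account's oldest session."""

    def __init__(self, per_account_limit=2):
        self.per_account_limit = per_account_limit
        self.sessions = {}  # account -> OrderedDict(token -> None), oldest first

    def login(self, account):
        own = self.sessions.setdefault(account, OrderedDict())
        while len(own) >= self.per_account_limit:
            own.popitem(last=False)  # drop this account's oldest token only
        token = secrets.token_hex(16)
        own[token] = None
        return token

    def active(self, account):
        return len(self.sessions.get(account, ()))


def admin_can_login_after_burst(manager, burst=50):
    """Replay constructed traffic: one account logs in repeatedly, then admin tries."""
    for _ in range(burst):
        manager.login("viewer")  # constructed sample account name
    return manager.login("admin") is not None


if __name__ == "__main__":
    print("global pool :", admin_can_login_after_burst(GlobalPoolSessions()))
    print("per account :", admin_can_login_after_burst(PerAccountSessions()))
```

Idle-timeout expiry of tokens is a complementary control that this model does not cover.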