Reolink Deeplink Redirect

1. Reporting Information

Team name: Team Brrester

2. Overview of Vulnerabilities

Vulnerability Title: Deeplink Redirect
Date of Discovery: 2025.06.05
Discovery Location (URL or System Path): com.mcu.reolink/com.android.bc.account.smart.AlexaToSmartHomeActivity
Vulnerability Type (CWE ID): CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
Vulnerability Description:
- A Deeplink Open Redirect vulnerability that allows an attacker to manipulate the 'redirectUri' parameter to redirect the user to a malicious external app or website without the user's click. The app passes the user-supplied value to 'Intent.ACTION_VIEW' without validating it.

3. Details

Impacted Products/Services: Reolink App
Product Version: Reolink 4.54.0.4.20250526
Vulnerable Components: com.mcu.reolink/com.android.bc.account.smart.AlexaToSmartHomeActivity
Additional Notes: In AndroidManifest, AlexaToSmartHomeActivity is declared with exported=true and registers both deep links and app links. In the UriParse section of AlexaToSmartHomeActivity, the redirect_uri parameter is read with getQueryParameter. In the init function part of this activity...
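
One way to close the unvalidated `Intent.ACTION_VIEW` path described above, as an added example that is not code from the report or from the Reolink app. The class name `SafeRedirectActivity`, the helper `validatedRedirect` and the allowlisted host `redirect.example.com` are hypothetical; the real allowlist must come from the account-linking flow the activity serves.

```java
import android.app.Activity;
import android.content.ActivityNotFoundException;
import android.content.Intent;
import android.net.Uri;
import android.os.Bundle;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Hypothetical exported deep-link activity (not the decompiled Reolink class).
public class SafeRedirectActivity extends Activity {
    // Assumed allowlist: replace with the hosts the linking flow really redirects to.
    private static final Set<String> ALLOWED_HOSTS =
            new HashSet<>(Arrays.asList("redirect.example.com"));

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        Uri target = validatedRedirect(getIntent().getData());
        if (target != null) {
            Intent view = new Intent(Intent.ACTION_VIEW, target);
            view.addCategory(Intent.CATEGORY_BROWSABLE);
            try {
                startActivity(view);
            } catch (ActivityNotFoundException ignored) {
                // No handler for the validated URI; just close the activity.
            }
        }
        finish(); // Rejected or missing redirect_uri: do nothing and exit.
    }

    // Returns the redirect target only if it is an https URL on an allowed host.
    static Uri validatedRedirect(Uri deepLink) {
        // getQueryParameter throws on opaque URIs such as mailto:, so check first.
        if (deepLink == null || !deepLink.isHierarchical()) return null;
        String raw = deepLink.getQueryParameter("redirect_uri");
        // Backslashes are read as '/' by some URL parsers; reject to avoid host confusion.
        if (raw == null || raw.indexOf('\\') >= 0) return null;
        Uri target = Uri.parse(raw);
        // Only https: blocks custom schemes, intent:, file:, content:, javascript:.
        if (!"https".equalsIgnoreCase(target.getScheme())) return null;
        // user@host forms make the visible host ambiguous; refuse them outright.
        if (target.getUserInfo() != null) return null;
        String host = target.getHost();
        if (host == null) return null;
        return ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT)) ? target : null;
    }
}
```

Exact host matching is deliberate: suffix or `contains` checks accept look-alike domains that merely embed an allowed name.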