CVE-2020-25173

7.8 HIGH

📋 TL;DR

Reolink P2P cameras use a hardcoded cryptographic key that an attacker on the local network can extract. Once obtained, the key may allow the attacker to compromise cameras remotely, without further local network access. Only Reolink P2P camera models with this fixed key implementation are affected.

💻 Affected Systems

Products:
  • Reolink P2P cameras
Versions: Multiple firmware versions prior to fixes
Operating Systems: Embedded camera firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects models using Reolink's P2P implementation with hardcoded keys. Check specific model advisories for exact affected devices.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain full remote control of cameras, enabling video/audio interception, device manipulation, and using cameras as footholds into internal networks.

🟠 Likely Case

Unauthorized remote access to camera feeds and device settings, potentially enabling surveillance or disabling security monitoring.

🟢 If Mitigated

Limited to local network reconnaissance only, with no external compromise possible due to proper network segmentation.

🌐 Internet-Facing: HIGH - Once key is obtained locally, cameras become remotely exploitable from anywhere on the internet.
🏢 Internal Only: HIGH - Local network attackers can easily extract the key and prepare for remote attacks.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires local network access initially, but key extraction is straightforward. Public research demonstrates the vulnerability clearly.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates released by Reolink (check specific model for exact version)

Vendor Advisory: https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02

Restart Required: Yes

Instructions:

1. Identify exact camera model.
2. Visit Reolink support site.
3. Download latest firmware for your model.
4. Upload firmware via camera web interface or Reolink client.
5. Reboot camera after update.

🔧 Temporary Workarounds

Network Segmentation

Isolate cameras on separate VLAN without internet access

Disable P2P Feature

Turn off P2P functionality in camera settings if available

🧯 If You Can't Patch

  • Physically disconnect cameras from internet while keeping local network access for monitoring
  • Implement strict firewall rules blocking all inbound traffic to cameras

🔍 How to Verify

Check if Vulnerable:

Check firmware version against Reolink's advisory. Older firmware versions are vulnerable.

Check Version:

Check via camera web interface: Settings > System > Information > Firmware Version

Verify Fix Applied:

Confirm firmware version matches or exceeds patched version listed in advisory

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication attempts
  • Firmware modification logs
  • Unexpected configuration changes

Network Indicators:

  • Unexpected outbound connections from cameras
  • Traffic to unfamiliar external IPs
  • Protocol anomalies in camera communications

SIEM Query:

source="camera_logs" AND (event="firmware_update" OR event="config_change")
