CVE-2025-55620

6.1 MEDIUM

📋 TL;DR

This cross-site scripting (XSS) vulnerability in Reolink's valuateJavascript() function allows attackers to inject and execute malicious JavaScript or HTML code. It affects Reolink users running vulnerable firmware versions, potentially compromising their camera systems and network security.

💻 Affected Systems

Products:
  • Reolink camera systems
Versions: v4.54.0.4.20250526 and potentially earlier versions
Operating Systems: Embedded Linux firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects web interface of Reolink cameras; vulnerability is in the valuateJavascript() function handling user input

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of camera system, credential theft, lateral movement to internal network, persistent backdoor installation

🟠 Likely Case: Session hijacking, credential harvesting, unauthorized camera control, privacy violation

🟢 If Mitigated: Limited to isolated camera system with no network access to critical assets

🌐 Internet-Facing: HIGH - Web interfaces exposed to internet are directly vulnerable to remote exploitation
🏢 Internal Only: MEDIUM - Requires attacker to have network access or trick user into visiting malicious page

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction or access to web interface; exploit details not publicly available but vulnerability is documented

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Reolink for firmware updates newer than v4.54.0.4.20250526

Vendor Advisory: Monitor Reolink security advisories

Restart Required: Yes

Instructions:

1. Log into Reolink web interface
2. Navigate to System > Maintenance
3. Check for firmware updates
4. Download and install latest firmware
5. Reboot camera after update

🔧 Temporary Workarounds

Input Sanitization (scope: all): Implement client-side and server-side input validation for all user inputs

Content Security Policy (scope: web): Implement strict CSP headers to restrict script execution

🧯 If You Can't Patch

  • Isolate camera network segment with firewall rules
  • Disable remote web access and use VPN for management

🔍 How to Verify

Check if Vulnerable:

Check firmware version in Reolink web interface under System > Device Information

Check Version:

Not applicable - check via web interface

Verify Fix Applied:

Verify firmware version is newer than v4.54.0.4.20250526 and test input fields for XSS

📡 Detection & Monitoring

Log Indicators:

  • Unusual JavaScript payloads in web logs
  • Multiple failed input validation attempts
  • Suspicious user agent strings

Network Indicators:

  • HTTP requests with script tags in parameters
  • Unusual outbound connections from camera

SIEM Query:

source="reolink_web_logs" AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")
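An added detection example (not part of the original page): it applies the indicator strings from the SIEM query above to constructed web-log lines, but decodes the request target and query values first, because a literal substring match misses percent-encoded and double-encoded payloads. The log lines, IPs and URL paths are constructed placeholders, not Reolink endpoints.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Indicator strings taken from the SIEM query above, matched case-insensitively.
INDICATORS = ("<script>", "javascript:", "onerror=", "onload=")

# Constructed sample access-log lines (common log format). Not real Reolink
# logs; the paths are generic placeholders rather than Reolink endpoints.
SAMPLE_LOGS = [
    '192.0.2.10 - - [01/Sep/2025:10:00:01 +0000] "GET /index.html?page=1 HTTP/1.1" 200 512',
    '192.0.2.20 - - [01/Sep/2025:10:00:02 +0000] "GET /search?q=<script>alert(1)</script> HTTP/1.1" 200 88',
    '192.0.2.30 - - [01/Sep/2025:10:00:03 +0000] "GET /search?q=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 88',
    '192.0.2.40 - - [01/Sep/2025:10:00:04 +0000] "GET /search?q=%2522%253Cscript%253E%2522 HTTP/1.1" 200 88',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def literal_match(line: str) -> list[str]:
    """Mimics the SIEM query: case-insensitive substring match on the raw line."""
    low = line.lower()
    return [ind for ind in INDICATORS if ind in low]


def decoded_match(line: str) -> list[str]:
    """Matches after decoding. parse_qsl decodes each value once; the two extra
    unquote() passes unwrap double- and triple-encoded payloads as well."""
    m = REQUEST_RE.search(line)
    if m is None:
        return []
    target = m.group("target")
    candidates = [target]
    for _, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        candidates.append(unquote(unquote(value)))
    hits = set()
    for cand in candidates:
        low = cand.lower()
        hits.update(ind for ind in INDICATORS if ind in low)
    return sorted(hits)


def scan(lines: list[str]) -> list[tuple[int, list[str]]]:
    """Returns (line index, indicators) for every line flagged after decoding."""
    flagged = []
    for i, line in enumerate(lines):
        hits = decoded_match(line)
        if hits:
            flagged.append((i, hits))
    return flagged


if __name__ == "__main__":
    for i, hits in scan(SAMPLE_LOGS):
        print(f"line {i}: {hits}  (literal query flags it: {bool(literal_match(SAMPLE_LOGS[i]))})")
```

Lines 2 and 3 of the sample are flagged only after decoding; the literal query as written would miss both.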
