CVE-2025-55626
📋 TL;DR
An Insecure Direct Object Reference (IDOR) vulnerability in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime allows unauthorized attackers to access admin-only settings and modify session storage. This affects users running firmware version 3.0.0.4662_2503122283, potentially compromising device security and privacy.
💻 Affected Systems
- Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full administrative control over the doorbell system, disable security features, access stored video footage, or compromise the entire home network through lateral movement.
Likely Case
Unauthorized users modify device settings, disable notifications, or access video streams without proper authentication.
If Mitigated
Limited impact with proper network segmentation and access controls preventing external exploitation attempts.
🎯 Exploit Status
Exploitation requires understanding of the device's API endpoints and session management, but no authentication bypass is needed once the IDOR is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Reolink for updated firmware version
Vendor Advisory: Not provided in references
Restart Required: No
Instructions:
1. Log into the Reolink app or web interface.
2. Navigate to device settings.
3. Check for firmware updates.
4. Apply any available updates.
5. Verify the firmware version is newer than v3.0.0.4662_2503122283.
🔧 Temporary Workarounds
Network Segmentation
Isolate the doorbell on a separate VLAN or network segment to limit the attack surface
Access Control Lists
Implement firewall rules to restrict access to the doorbell's management interface
🧯 If You Can't Patch
- Disable remote access features and use the doorbell only on the local network
- Implement strict network monitoring for unusual access patterns to the device
🔍 How to Verify
Check if Vulnerable:
Check the current firmware version in the Reolink app under Device Settings > Device Information
Check Version:
Not applicable; use the Reolink app interface
Verify Fix Applied:
Confirm the firmware version is newer than v3.0.0.4662_2503122283, then test that non-admin accounts can no longer reach admin-only settings
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to admin settings endpoints
- Session storage modification events from non-admin users
Network Indicators:
- Unusual API calls to administrative endpoints from unauthorized IPs
- Abnormal session management requests
SIEM Query:
source="reolink-doorbell" AND (uri_path="/admin/*" OR action="settings_modify") AND user_role!="admin"
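The same detection logic run offline over constructed log records, as an added example that is not part of this advisory or of any Reolink tooling; the event field names (source, uri_path, action, user_role) are taken from the query above, src_ip and all sample values are assumed:

```python
import fnmatch

# Constructed sample events in the field shape of the SIEM query above
# (source, uri_path, action, user_role, src_ip); not real Reolink log output.
def _ev(source, uri_path, action, src_ip, role=None):
    e = {"source": source, "uri_path": uri_path, "action": action, "src_ip": src_ip}
    if role is not None:
        e["user_role"] = role
    return e

SAMPLE_EVENTS = [
    _ev("reolink-doorbell", "/admin/users", "read", "192.0.2.10", "admin"),
    _ev("reolink-doorbell", "/admin/users", "read", "192.0.2.55", "guest"),
    _ev("reolink-doorbell", "/api/device", "settings_modify", "192.0.2.55", "viewer"),
    _ev("reolink-doorbell", "/api/live", "stream", "192.0.2.20", "viewer"),
    _ev("reolink-doorbell", "/admin/session", "write", "192.0.2.77"),  # no user_role
    _ev("other-camera", "/admin/users", "read", "192.0.2.99", "guest"),
]


def matches_query(event, missing_role_is_suspicious=True):
    """Evaluate the advisory's query against one event:
    source="reolink-doorbell" AND (uri_path="/admin/*" OR action="settings_modify")
    AND user_role!="admin".
    Caveat: in Splunk-style syntax `field!="x"` drops events that lack the field,
    and an IDOR request from an unauthenticated session may carry no role at
    all, so by default a missing role counts as non-admin (NOT user_role="admin")."""
    if event.get("source") != "reolink-doorbell":
        return False
    admin_path = fnmatch.fnmatchcase(event.get("uri_path", ""), "/admin/*")
    if not (admin_path or event.get("action") == "settings_modify"):
        return False
    if "user_role" not in event:
        return missing_role_is_suspicious
    return event["user_role"] != "admin"


def find_suspicious(events, missing_role_is_suspicious=True):
    """Return the events that should raise an alert."""
    return [e for e in events if matches_query(e, missing_role_is_suspicious)]


def hits_by_ip(events):
    """Count alerts per source IP so repeated probing of admin endpoints stands out."""
    counts = {}
    for e in find_suspicious(events):
        counts[e["src_ip"]] = counts.get(e["src_ip"], 0) + 1
    return counts
```

Running `find_suspicious(SAMPLE_EVENTS)` flags the guest read of /admin/users, the viewer's settings_modify, and the role-less write to /admin/session; with `missing_role_is_suspicious=False` the last one is silently dropped, which is the gap the caveat describes.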