CVE-2025-55627
📋 TL;DR
This vulnerability allows authenticated attackers to create accounts with elevated privileges on Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime devices. Attackers with existing access can escalate their privileges beyond intended levels. This affects users running the vulnerable firmware version.
💻 Affected Systems
- Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise where attackers gain administrative control, potentially accessing video feeds, disabling security features, or using the device as a foothold into the network.
Likely Case
Attackers with initial access create administrative accounts to maintain persistent access, monitor video feeds, or modify device settings.
If Mitigated
Attackers remain limited to their original privilege level without ability to escalate or create new accounts.
🎯 Exploit Status
Requires authenticated access first, then privilege escalation through account creation. No public exploit code available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Reolink for updated firmware
Vendor Advisory: https://relieved-knuckle-264.notion.site/Account-Takeover-Create-Account-23c43700364280c2b0bddba94a9362ed
Restart Required: No
Instructions:
1. Log into the Reolink app or web interface.
2. Navigate to device settings.
3. Check for firmware updates.
4. Apply any available updates.
5. Verify the firmware version is no longer v3.0.0.4662_2503122283.
🔧 Temporary Workarounds
Network Segmentation
Isolate the doorbell device on a separate VLAN or network segment to limit lateral movement if compromised.
Access Control
Restrict network access to the device only from trusted IP addresses using firewall rules.
🧯 If You Can't Patch
- Disable remote access features if not required
- Monitor device logs for unusual account creation activity
🔍 How to Verify
Check if Vulnerable:
Check device firmware version in Reolink app or web interface under device settings.
Check Version:
Check via Reolink mobile app: Device Settings > Device Information > Firmware Version
Verify Fix Applied:
Confirm firmware version has been updated to a version newer than v3.0.0.4662_2503122283.
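The version check above can be scripted when many doorbells are inventoried. The following is an added example, not code from this page or from Reolink; it assumes the firmware string has the shape seen in the advisory (optional "v", a dotted numeric release, then "_" and a numeric build id) and treats only the build named above as known vulnerable.

```python
import re
from typing import Optional

# Firmware build the advisory names as vulnerable (value taken from the page).
VULNERABLE_BUILD = "v3.0.0.4662_2503122283"

# Assumed layout: optional "v", dotted numeric release, optional "_<numeric build id>".
# This is an assumption made for the example, not a documented Reolink version format.
_VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)*)(?:_(\d+))?$")


def parse_version(text: str) -> Optional[tuple]:
    """Return (release_numbers, build_id) for a version string, or None if unparseable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    release = tuple(int(part) for part in m.group(1).split("."))
    build = int(m.group(2)) if m.group(2) else 0
    return (release, build)


def is_newer(candidate: str, baseline: str = VULNERABLE_BUILD) -> Optional[bool]:
    """True if candidate sorts after baseline; None if either string is unparseable."""
    a, b = parse_version(candidate), parse_version(baseline)
    if a is None or b is None:
        return None
    return a > b


def assess(reported: str) -> str:
    """Classify a firmware version reported by the app against the advisory baseline.

    Unparseable input yields 'unknown' so a formatting problem is never read as a
    clean result. Versions older than the baseline are flagged separately because
    the advisory does not state whether they are affected.
    """
    newer = is_newer(reported)
    if newer is None:
        return "unknown"
    if reported.strip().lstrip("v") == VULNERABLE_BUILD.lstrip("v"):
        return "vulnerable"
    if newer:
        return "patched"
    return "older-than-advisory"
```

Feed `assess()` the string shown under Device Settings > Device Information > Firmware Version; anything other than "patched" warrants a closer look.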
📡 Detection & Monitoring
Log Indicators:
- Unusual account creation events
- Multiple failed login attempts followed by successful login
- Administrative actions from non-admin accounts
Network Indicators:
- Unusual network traffic patterns from the device
- Connections to unexpected external IPs
SIEM Query:
device_type:"Reolink Doorbell" AND (event_type:"account_creation" OR privilege_level_changed)