CVE-2025-55629

6.5 MEDIUM

📋 TL;DR

This vulnerability allows attackers to change other users' passwords on Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell devices by manipulating the userName value. It affects all users of the vulnerable firmware version, potentially leading to account takeover and unauthorized access to video feeds and doorbell controls.

💻 Affected Systems

Products:
  • Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime
Versions: Firmware v3.0.0.4662_2503122283
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the vulnerable firmware are affected regardless of configuration.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete account takeover allowing attackers to lock out legitimate users, access live video feeds, disable security alerts, and potentially compromise home security.

🟠 Likely Case: Attackers change passwords for targeted users, gaining unauthorized access to video doorbell functionality and potentially using this as an entry point for further attacks.

🟢 If Mitigated: Limited impact if strong network segmentation and monitoring are in place, though account compromise remains possible.

🌐 Internet-Facing: HIGH - These devices are typically internet-facing smart home devices accessible via mobile apps and cloud services.
🏢 Internal Only: MEDIUM - Attackers would need network access, but once inside, exploitation is straightforward.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires some understanding of API manipulation but no special tools. The vulnerability is documented with technical details in the reference link.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Reolink for updated firmware version

Vendor Advisory: Not yet published - monitor Reolink security advisories

Restart Required: Yes

Instructions:

  1. Log into Reolink app
  2. Navigate to device settings
  3. Check for firmware updates
  4. Apply any available updates
  5. Reboot device after update

🔧 Temporary Workarounds

  • Network Isolation (all): Isolate the video doorbell on a separate VLAN or network segment to limit attack surface
  • Disable Remote Access (all): Temporarily disable cloud/remote access features if not critically needed

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can communicate with the device
  • Monitor for unusual authentication attempts or password change requests

🔍 How to Verify

Check if Vulnerable:

Check firmware version in Reolink app: Device Settings > Device Information > Firmware Version

Check Version:

Not applicable - check via Reolink mobile app interface

Verify Fix Applied:

Verify firmware version is no longer v3.0.0.4662_2503122283 and test password change functionality

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts followed by successful password change
  • Password change requests for different usernames from same source

Network Indicators:

  • Unusual API calls to password change endpoints
  • Traffic patterns suggesting username parameter manipulation

SIEM Query:

source="reolink-doorbell" AND (event="password_change" OR event="authentication") | stats count by src_ip, username
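
The SIEM query above only counts events per source and username; the two log indicators also need ordering and a time window. The following is an added example, not part of the original advisory or any Reolink tooling, that applies both indicators to constructed events. The `ts` and `outcome` fields, the 10-minute window, the failure threshold of 3, and the meaning of `username` on a password change are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real device logs. Keys src_ip, username and
# event follow the SIEM query above; ts and outcome are assumed fields, and
# username on a password_change is assumed to be the account being changed.
_ROWS = [
    ("2025-01-10T08:00:00", "192.0.2.10", "admin", "authentication", "success"),
    ("2025-01-10T08:01:00", "192.0.2.10", "admin", "password_change", "success"),
    ("2025-01-10T09:00:00", "198.51.100.7", "guest", "authentication", "failure"),
    ("2025-01-10T09:00:20", "198.51.100.7", "guest", "authentication", "failure"),
    ("2025-01-10T09:00:40", "198.51.100.7", "guest", "authentication", "failure"),
    ("2025-01-10T09:01:00", "198.51.100.7", "guest", "authentication", "success"),
    ("2025-01-10T09:02:00", "198.51.100.7", "guest", "password_change", "success"),
    ("2025-01-10T09:03:00", "198.51.100.7", "admin", "password_change", "success"),
]
KEYS = ("ts", "src_ip", "username", "event", "outcome")
SAMPLE_EVENTS = [dict(zip(KEYS, row)) for row in _ROWS]


def detect(events, window=timedelta(minutes=10), fail_threshold=3):
    """Return alerts for the two log indicators listed in this section."""
    alerts = []
    changes = defaultdict(list)   # src_ip -> [(time, username)] of password changes
    failures = defaultdict(list)  # src_ip -> [time] of failed logins
    for e in sorted(events, key=lambda ev: ev["ts"]):
        t = datetime.fromisoformat(e["ts"])
        src = e["src_ip"]
        if e["event"] == "authentication" and e["outcome"] == "failure":
            failures[src].append(t)
        elif e["event"] == "password_change":
            # Indicator 1: several failed logins shortly before the change.
            recent = [f for f in failures[src] if t - f <= window]
            if len(recent) >= fail_threshold:
                alerts.append(("failed_logins_then_change", src, e["username"]))
            # Indicator 2: one source changing passwords for several usernames.
            changes[src].append((t, e["username"]))
            users = {u for (c, u) in changes[src] if t - c <= window}
            if len(users) > 1:
                alerts.append(("multi_user_change", src, tuple(sorted(users))))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

An owner changing their own password from 192.0.2.10 raises nothing, while the second source is flagged by both indicators.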

🔗 References
