CVE-2025-55630
📋 TL;DR
This vulnerability allows attackers to determine valid user accounts on Reolink Smart Doorbell systems by analyzing differences in error messages during failed login attempts. Attackers can enumerate existing accounts, which is the first step in credential-based attacks. All users of the affected Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime running vulnerable firmware are affected.
💻 Affected Systems
- Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers enumerate all valid accounts, then conduct targeted password attacks leading to unauthorized access to video feeds, doorbell controls, and potentially home network infiltration.
Likely Case
Attackers identify valid accounts and conduct credential stuffing or brute force attacks against those specific accounts, potentially gaining unauthorized access to the doorbell system.
If Mitigated
Even with account enumeration, strong passwords and account lockout policies prevent successful authentication attacks.
🎯 Exploit Status
Exploitation requires no authentication and involves simple login attempts with different usernames while observing error message differences.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
1. Check Reolink support for firmware updates.
2. If an update is available, download it from the official Reolink website.
3. Apply the firmware update through the Reolink app or web interface.
🔧 Temporary Workarounds
Network Segmentation
Isolate the doorbell device on a separate VLAN or network segment to limit exposure.
Access Control Lists
Implement firewall rules to restrict access to the doorbell's management interface.
🧯 If You Can't Patch
- Implement strong, unique passwords for all accounts
- Enable account lockout policies after failed attempts if supported
🔍 How to Verify
Check if Vulnerable:
Attempt login with invalid username and invalid password, then attempt with valid username and invalid password. Compare error messages for differences.
Check Version:
Check firmware version in Reolink mobile app under Device Settings > Device Information
Verify Fix Applied:
Repeat the verification test: an invalid username and a valid username with a wrong password should both return identical error messages.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed login attempts with different usernames
- Pattern of login attempts from single IP with varying usernames
Network Indicators:
- Unusual authentication traffic to doorbell management interface
- Multiple HTTP POST requests to login endpoint
SIEM Query:
source="doorbell_logs" AND event_type="authentication_failure" | stats count by username | where count > threshold
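The SIEM query above counts failures per username, which catches password attacks against an account once it has been identified; enumeration itself looks different in logs, as many distinct usernames from one source in a short window. The following is an added example (not from the page or from Reolink) that implements both checks over constructed sample log lines. The key=value log format, the field names, the timestamps and IP addresses, and the thresholds are all assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (assumed key=value format; not real Reolink output).
# One source cycles through six usernames in a few seconds; a second source
# fails once on "admin" and then succeeds.
SAMPLE_LOGS = """\
2025-09-01T10:00:01Z src=203.0.113.7 event=authentication_failure user=admin
2025-09-01T10:00:02Z src=203.0.113.7 event=authentication_failure user=reolink
2025-09-01T10:00:03Z src=203.0.113.7 event=authentication_failure user=guest
2025-09-01T10:00:04Z src=203.0.113.7 event=authentication_failure user=camera
2025-09-01T10:00:05Z src=203.0.113.7 event=authentication_failure user=front
2025-09-01T10:00:06Z src=203.0.113.7 event=authentication_failure user=door
2025-09-01T10:30:00Z src=198.51.100.5 event=authentication_failure user=admin
2025-09-01T10:30:20Z src=198.51.100.5 event=authentication_success user=admin
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) event=(?P<event>\S+) user=(?P<user>\S+)$"
)


def parse_logs(text):
    """Parse the assumed key=value lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return events


def failures_by_username(events, threshold=3):
    """Same logic as the page's SIEM query: failures per username, kept when above threshold."""
    counts = defaultdict(int)
    for e in events:
        if e["event"] == "authentication_failure":
            counts[e["user"]] += 1
    return {user: n for user, n in counts.items() if n > threshold}


def enumeration_by_source(events, window=timedelta(minutes=5), min_distinct_users=5):
    """Flag sources that fail with many *different* usernames inside one time window.

    Returns {source_ip: sorted list of distinct usernames seen in the first window that
    crosses min_distinct_users}. Sources that hammer a single account do not trigger this.
    """
    per_src = defaultdict(list)
    for e in events:
        if e["event"] == "authentication_failure":
            per_src[e["src"]].append(e)

    alerts = {}
    for src, evs in per_src.items():
        evs.sort(key=lambda e: e["ts"])
        # Slide a window starting at each failure; O(n^2) is fine for per-device log volumes.
        for i, start in enumerate(evs):
            users = {e["user"] for e in evs[i:] if e["ts"] - start["ts"] <= window}
            if len(users) >= min_distinct_users:
                alerts[src] = sorted(users)
                break
    return alerts


if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    print("usernames with failures above threshold:", failures_by_username(evs, threshold=1))
    print("sources that look like enumeration:", enumeration_by_source(evs))
```

Run both checks together: the per-username count surfaces the account under sustained attack, while the per-source distinct-username count surfaces the enumeration phase that precedes it, so a lockout or firewall block can be applied before a valid account has been confirmed.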