CVE-2025-55634

7.5 HIGH

📋 TL;DR

This vulnerability allows unauthenticated attackers to cause a Denial of Service (DoS) on Reolink video doorbells by flooding the RTMP server with simultaneous ffmpeg-based stream pushes. The incorrect access control in RTMP server settings enables resource exhaustion attacks. All users of affected Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime devices are impacted.

💻 Affected Systems

Products:
  • Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime
Versions: Firmware v3.0.0.4662_2503122283
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with RTMP server enabled (typically default). Devices behind NAT/firewalls with no port forwarding have reduced exposure.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete device unavailability, preventing video streaming, doorbell functionality, and chime operation until the device is restarted or the attack stops.

🟠 Likely Case: Temporary service disruption in which video feeds become unavailable, doorbell notifications fail, and the device becomes unresponsive to legitimate connections.

🟢 If Mitigated: Minimal impact, with proper network segmentation and rate limiting preventing unauthorized RTMP connections.

🌐 Internet-Facing: HIGH - Devices exposed to the internet can be directly targeted by unauthenticated attackers from anywhere.
🏢 Internal Only: MEDIUM - Requires internal network access but still exploitable by malicious insiders or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires basic knowledge of RTMP protocol and ability to send multiple concurrent stream initiation requests. No authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available at this time

Restart Required: Yes

Instructions:

1. Check Reolink support for firmware updates.
2. If an update is available, download it from the official Reolink website.
3. Apply the update through the Reolink mobile app or web interface.
4. Restart the device after the update.

🔧 Temporary Workarounds

Disable RTMP Server (applies to: all)

Turn off RTMP streaming functionality if it is not required for your use case.

Network Segmentation (applies to: all)

Place the device on an isolated VLAN with strict firewall rules blocking the RTMP port (default 1935) from untrusted networks.

🧯 If You Can't Patch

  • Implement network-level rate limiting on RTMP port 1935 to prevent flood attacks
  • Use reverse proxy with authentication and connection limits for RTMP streams

🔍 How to Verify

Check if Vulnerable:

Check firmware version in Reolink app: Settings > Device Information > Firmware Version. If version is v3.0.0.4662_2503122283, device is vulnerable.

Check Version:

Not applicable - check through Reolink mobile app or web interface

Verify Fix Applied:

After applying any firmware update, verify version has changed from v3.0.0.4662_2503122283. Test RTMP functionality with controlled load.

📡 Detection & Monitoring

Log Indicators:

  • Multiple RTMP connection attempts from single IP
  • High CPU/memory usage alerts
  • RTMP stream initiation failures

Network Indicators:

  • High volume of RTMP traffic on port 1935
  • Multiple simultaneous RTMP handshakes from same source
  • Unusual RTMP publish requests

SIEM Query:

dest_port:1935 AND (event_count > 10) AND time_range:1m GROUP BY source_ip

(Pseudo-syntax; adapt field names to your SIEM. Attacker connections arrive on the doorbell's destination port 1935, so filter on the destination port rather than the source port, then count distinct connection attempts per source IP within each one-minute window.)
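As an added example (not from the advisory and not Reolink code), the following Python implements the detection the query describes over constructed firewall-style SYN log lines; the log format, the doorbell address 10.0.0.5, the sample source IPs and the assumption that the SIEM exports one line per connection attempt are all constructed for the example.

```python
"""Flag sources flooding the doorbell's RTMP port (TCP/1935): more than `threshold`
connection attempts from one source IP inside a sliding one-minute window."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed (constructed) log format: "<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> SYN"
LOG_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) SYN$")

def parse(line):
    """Return (timestamp, src_ip, dst_ip, dst_port), or None for non-matching lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts, src, dst, port = m.groups()
    return datetime.fromisoformat(ts), src, dst, int(port)

def find_rtmp_floods(lines, threshold=10, window_s=60, rtmp_port=1935):
    """Map each flooding source IP to the ISO time at which it first exceeded
    `threshold` attempts within `window_s` seconds. Unordered input is sorted first."""
    records = sorted(r for r in map(parse, lines) if r is not None)
    recent = defaultdict(deque)   # src_ip -> timestamps still inside the window
    flagged = {}
    for ts, src, _dst, port in records:
        if port != rtmp_port:
            continue              # only traffic aimed at the RTMP server matters here
        q = recent[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()           # expire attempts older than the window
        if len(q) > threshold and src not in flagged:
            flagged[src] = ts.isoformat()
    return flagged

# Constructed sample traffic: a flood, a slow-but-steady client, and an unrelated port.
T0 = datetime(2025, 1, 1, 12, 0, 0)

def syn(offset_s, src, port=1935):
    return f"{(T0 + timedelta(seconds=offset_s)).isoformat()} {src} -> 10.0.0.5:{port} SYN"

SAMPLE_LOG = (
    [syn(3 * i, "192.0.2.10") for i in range(12)]       # 12 attempts in 33 s: flood
    + [syn(10 * i, "198.51.100.5") for i in range(11)]  # 11 attempts over 100 s: never >10 in 60 s
    + [syn(50, "203.0.113.7", port=443)]                # not RTMP: ignored
)

if __name__ == "__main__":
    print(find_rtmp_floods(SAMPLE_LOG))  # {'192.0.2.10': '2025-01-01T12:00:30'}
```

The slow client shows why the window matters: widening it to two minutes would flag that source as well, so tune the threshold and window to the number of RTMP viewers you legitimately expect.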
