Reolink Smart 2K+ Wi-Fi Video Doorbell IDOR Vulnerability Allowing Unauthorized Access to Admin Settings

Vulnerability

A vulnerability allowing Insecure Direct Object Reference (IDOR) has been identified in the Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime, specifically in firmware version 3.0.0.4662_2503122283. This vulnerability allows unauthorized attackers to access and modify Admin-only settings, including session storage.

Impact

Exploitation of this vulnerability could lead to unauthorized access and modification of administrative settings on the affected device.

Added: Aug 22, 2025, 5:42 PM

Updated: Aug 22, 2025, 6:39 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.2

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.2

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Reolink Smart 2K+ Wi-Fi Video Doorbell IDOR Vulnerability Allowing Unauthorized Access to Admin Settings

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating