Reolink Smart 2K+ Wi-Fi Video Doorbell Insecure Password Change Vulnerability

Vulnerability

A vulnerability exists in the Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime, specifically in firmware version 3.0.0.4662_2503122283. The issue arises from insecure permissions that allow attackers to arbitrarily change the passwords of other users by manipulating the userName value.

Impact

Exploitation of this vulnerability could lead to unauthorized password changes, allowing attackers to gain access to other users' accounts.

Added: Aug 22, 2025, 5:35 PM

Updated: Aug 22, 2025, 6:38 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Reolink Smart 2K+ Wi-Fi Video Doorbell Insecure Password Change Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating