Reolink Smart 2K+ Video Doorbell User Enumeration Vulnerability

Vulnerability

A user enumeration vulnerability has been identified in the Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime, specifically in firmware version 3.0.0.4662_2503122283. The issue arises from a discrepancy in the error messages generated by the login function when incorrect usernames and passwords are entered, allowing attackers to identify existing accounts.

Impact

Exploitation of this vulnerability could lead to unauthorized account enumeration, allowing attackers to verify the existence of user accounts on the device.

Added: Aug 22, 2025, 5:34 PM

Updated: Aug 22, 2025, 6:37 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.2

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.2

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Reolink Smart 2K+ Video Doorbell User Enumeration Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating