Reolink Smart 2K+ Wi-Fi Video Doorbell Command Injection Vulnerability
Vulnerability
A command injection vulnerability has been identified in the Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime, specifically in firmware version 3.0.0.4662_2503122283. The vulnerability arises in the setddns_pip_system() function, where improper input validation allows attackers to inject and execute arbitrary commands on the system.
Impact
Exploitation of this vulnerability allows for OS command injection, where an attacker can execute arbitrary commands with the same privileges as the application. This could lead to unauthorized access to files, modification of data, or disruption of the device's normal operation.
Reproduction
To reproduce this vulnerability, send a request to the setddns_pip_system() function with crafted input that includes command separators, such as semicolons, followed by additional commands. The injected commands will be executed on the device, demonstrating the command injection flaw.
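The defensive counterpart to the crafted input described above is to check the value against an allow-list and pass it to the helper without a shell. The C code below is an added example, not Reolink firmware code: `ddns_host_is_safe()`, `run_ddns_update()` and `updater_path` are hypothetical names, and it assumes the affected field is a DDNS host name, which the page does not state.

```c
#include <ctype.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allow-list check: letters, digits, '-' and '.' only, no label starting or
 * ending in '-'. Separators such as ';' and a leading '-' are rejected. */
int ddns_host_is_safe(const char *host)
{
    size_t len, i, label = 0;
    if (host == NULL || (len = strlen(host)) == 0 || len > 253)
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (c == '.') {
            if (label == 0 || host[i - 1] == '-')
                return 0;          /* empty label or label ending in '-' */
            label = 0;
        } else if (isalnum(c) || (c == '-' && label > 0)) {
            label++;
        } else {
            return 0;              /* anything else, including ';' and spaces */
        }
    }
    return label > 0 && host[len - 1] != '-';
}

/* Runs the updater with the host as a single argv entry; no shell parses it.
 * updater_path is a hypothetical absolute path chosen by the caller. */
int run_ddns_update(const char *updater_path, const char *host)
{
    int status;
    pid_t pid;
    if (!ddns_host_is_safe(host) || (pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)updater_path, (char *)host, NULL };
        execv(updater_path, argv);
        _exit(127);                /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed values: exit 0 when both classify as expected. */
    return !(ddns_host_is_safe("ddns.example.org") && !ddns_host_is_safe("x;y"));
}
```

Rejecting a leading '-' matters even without a shell, because the helper could otherwise read the value as a command-line option.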
