Reolink Video Doorbell WiFi Signature Verification Vulnerability Allowing Arbitrary Code Execution

A vulnerability exists in the Reolink Video Doorbell WiFi model DB_566128M5MP_W due to inadequate validation of firmware update signatures. This flaw enables attackers to upload malicious firmware, leading to arbitrary code execution with root privileges. The issue arises because the doorbell's firmware update process, specifically in the components '/app/upgrade', 'libmbedtls.so', and 'libmbedcrypto.so', fails to properly verify signatures against a trusted keychain, allowing unsigned or tampered firmware to be accepted and executed.

Impact

Exploitation of this vulnerability allows for remote execution of arbitrary code with root privileges on the affected device, permanently compromising its firmware and integrity. This could lead to unauthorized persistence of malware, potential pivoting across the network, and a breakdown of trust in the device's update mechanism.

Remediation

Users are advised to only apply official firmware updates from the Reolink Download Center and to disconnect the doorbell from external networks until a fixed version is available. Reolink should enhance signature validation processes, enforce secure boot protocols, and audit firmware update methods to prevent tampering.