Relieved-Knuckle-264

Name of the Vulnerable Software and Affected Versions: Reolink version 4.54.0.4.20250526 Description: An open redirect issue exists in Reolink. Attackers can redirect users to a malicious site by using a specially crafted URL. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime version 3.0.0.4662 2503122283 Description: An incorrect access control issue exists in the RTMP server settings. This allows attackers to cause a Denial of Service (DoS) by initiating a large number of simultaneous ffmpeg-based stream pushes. Recommendations: Apply any available firmware updates to address the access control issue in the RTMP server settings.

Name of the Vulnerable Software and Affected Versions: Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime version 3.0.0.4662 2503122283 Description: The Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime contains a command injection vulnerability. The issue is located in the `setddns pip system()` function. Recommendations: Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `setddns pip system()` function until a patch is available.