CVE-2025-55629

Name of the Vulnerable Software and Affected Versions: Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime version 3.0.0.4662 2503122283

Description: The device suffers from insecure permissions that allow attackers to arbitrarily change other users' passwords. This is achieved through manipulation of the userName value.

Recommendations: Update to a newer firmware version to address this issue. As a temporary workaround, restrict access to the device’s configuration settings to authorized personnel only.