PT-2025-34463 · Reolink · Reolink Smart 2K+ Plug-In Wi-Fi Video Doorbell With Chime

Relieved-Knuckle-264

Published

2025-08-22

Updated

2025-08-22

CVE-2025-55637

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime version 3.0.0.4662 2503122283

Description: The Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime contains a command injection vulnerability. The issue is located in the setddns pip system() function.

Recommendations: Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the setddns pip system() function until a patch is available.

Exploit

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2025-55637

Affected Products

Reolink Smart 2K+ Plug-In Wi-Fi Video Doorbell With Chime

CVE-2025-55637

Weakness Enumeration

Related Identifiers

Affected Products

References · 7