CVE-2025-55630

High CVSS: 7.3

A discrepancy in the error message returned by the login function of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 when entering the wrong username and password allows attackers to enumerate existing accounts.

Vendor

Reolink

Product

Smart 2k\+ Plug-in Wi-fi Video Doorbell With Chime Firmware

CWE

CWE-284

Yayın Tarihi

2025-08-22 17:15:34

Güncelleme

2025-10-21 14:04:46

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-284 Smart 2k\+ Plug-in Wi-fi Video Doorbell With Chime Firmware HIGH Reolink 2025

Referanslar

https://relieved-knuckle-264.notion.site/User-Enumeration-Vulnerability-23c43700364280b6a46ae6302818b77e?source=copy_link

Benzer Kayıtlar

Medium

CVE-2025-56802

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files…

Medium

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism…

Medium

CVE-2025-56800

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application impl…

Medium

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector (IV) in its AES-CFB…

High

CVE-2025-55634

Incorrect access control in the RTMP server settings of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firm…

Critical

CVE-2025-55637

Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was discovered to contain a…