CVE-2025-60855

MEDIUM EPSS 1.8%

Published Oct 16, 20258mo ago · Modified Jun 17, 20261w ago

5.1 CVSS 3.1

Medium

Published Oct 16, 2025 8mo ago

Last Modified Jun 17, 2026 1w ago

Description

Reolink Video Doorbell WiFi DB_566128M5MP_W performs insufficient validation of firmware update signatures. This allows attackers to load malicious firmware images, resulting in arbitrary code execution with root privileges. NOTE: this is disputed by the Supplier because the integrity of updates is instead assured via a "private encryption algorithm" and other "tamper-proof verification."

CVSS Details

Base Score

5.1

Exploitability

0.8

Impact

4.2

Vector string

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

Attack Vector Local

Attack Complexity Low

Privileges Required High

User Interaction None

Scope Unchanged

Confidentiality Low

Integrity High

Availability None

Threat Intelligence

EPSS Exploit Probability

1.8% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-77 Command Injection Injection

References 2

cybermaya.in https://cybermaya.in/posts/Post-45/
reolink.com https://reolink.com/download-center/

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.