exploitDog

CVE-2025-55630

Опубликовано: 22 авг. 2025

Источник: nvd

CVSS3: 7.3

EPSS Низкий

Описание

A discrepancy in the error message returned by the login function of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 when entering the wrong username and password allows attackers to enumerate existing accounts.

Ссылки

https://relieved-knuckle-264.notion.site/User-Enumeration-Vulnerability-23c43700364280b6a46ae6302818b77e?source=copy_link
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:reolink:smart_2k\+_plug-in_wi-fi_video_doorbell_with_chime_firmware:3.0.0.4662_2503122283:*:*:*:*:*:*:*

cpe:2.3:h:reolink:smart_2k\+_plug-in_wi-fi_video_doorbell_with_chime:-:*:*:*:*:*:*:*

EPSS

Процентиль: 22%

0.00071

Низкий

7.3 High

CVSS3

Дефекты

CWE-284

Связанные уязвимости

GHSA-mfgr-gw5x-2w3m

CVSS3: 7.3

github

6 месяцев назад

A discrepancy in the error message returned by the login function of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 when entering the wrong username and password allows attackers to enumerate existing accounts.

EPSS

Процентиль: 22%

0.00071

Низкий

7.3 High

CVSS3

Дефекты

CWE-284