CVE-2025-55637

Опубликовано: 22 авг. 2025

Источник: nvd

CVSS3: 9.8

CVSS3: 6.5

EPSS Низкий

Описание

Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was discovered to contain a command injection vulnerability via the setddns_pip_system() function.

Ссылки

https://cwe.mitre.org/data/definitions/78.html
Technical Description
https://relieved-knuckle-264.notion.site/Reolink-camera-command-injection-Ddns-username-23f437003642800f83aef6b07f914212?pvs=74
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:reolink:smart_2k\+_plug-in_wi-fi_video_doorbell_with_chime_firmware:3.0.0.4662_2503122283:*:*:*:*:*:*:*

cpe:2.3:h:reolink:smart_2k\+_plug-in_wi-fi_video_doorbell_with_chime:-:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00608

Низкий

9.8 Critical

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-77

Связанные уязвимости

GHSA-434h-wc6g-q7f3

CVSS3: 6.5

github

6 месяцев назад

Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was discovered to contain a command injection vulnerability via the setddns_pip_system() function.

EPSS

Процентиль: 69%

0.00608

Низкий

9.8 Critical

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-77