Security Flaw in Reolink Video Doorbell Wi-Fi Configuration Exposes Sensitive Data
CVE-2025-60858

7.5HIGH

Key Information:

Vendor: Reolink
Status: Reolink Video Doorbell Wi-Fi
Vendor: CVE Published:; 28 October 2025

What is CVE-2025-60858?

The Reolink Video Doorbell Wi-Fi DB_566128M5MP_W contains a vulnerability that stores and transmits Dynamic DNS (DDNS) credentials in plaintext within its configuration and update scripts. This implementation flaw allows attackers to easily intercept or extract sensitive information, potentially compromising user security and privacy. Users of this product should take immediate steps to secure their systems and review the exposure of sensitive data to mitigate risks.

References

https://reolink.com/download-center/

https://cybermaya.in/posts/Post-47/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2025
Vulnerability Reserved
Sep 26, 2025

CVE-2025-60858 Data

JSON