CVE-2025-60856
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-20

Last updated on: 2025-10-21

Assigner: MITRE

Description
Reolink Video Doorbell WiFi DB_566128M5MP_W allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary commands with root privileges. NOTE: this is disputed by the Supplier because of "certain restrictions on users privately connecting serial port cables" and because "the root user has a password and it meets the requirements of password security complexity."
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-20
Last Modified
2025-10-21
Generated
2026-06-16
AI Q&A
2025-10-20
EPSS Evaluated
2026-06-15
NVD
CVE-2025-60856
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
reolink video_doorbell *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-922 The product stores sensitive information without properly limiting read or write access by unauthorized actors.
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in the Reolink Video Doorbell WiFi DB_566128M5MP_W allows an attacker with physical access to connect to an unsecured UART serial console interface. This interface provides unauthenticated root shell access because the device's initialization script does not disable serial console access during boot, and the root user has no password set. By connecting to the UART pads during the boot sequence, an attacker can bypass authentication, execute arbitrary commands with root privileges, and gain full control over the device. [1]

Impact Analysis

This vulnerability can have severe impacts including allowing an attacker to execute root-level code on the device, modify firmware, install permanent backdoors, and access sensitive configuration and network credentials. Essentially, it compromises the security and integrity of the device, potentially leading to unauthorized surveillance, data theft, or use of the device as a foothold in a larger network attack. [1]

Detection Guidance

This vulnerability can be detected by physically inspecting the device for exposed UART pads and attempting to connect to the UART serial console interface (/dev/ttyS0) during the boot sequence. Since the vulnerability involves an unsecured UART interface providing root shell access without authentication, commands to interact with the serial console (e.g., using a serial communication tool like minicom or screen) can be used. For example, connecting via a serial terminal to /dev/ttyS0 and checking if root shell access is granted without a password indicates the vulnerability. Specific commands include: 'screen /dev/ttyS0 115200' or 'minicom -D /dev/ttyS0' to connect to the UART interface and observe if a root shell prompt appears without authentication. [1]

Mitigation Strategies

Immediate mitigation steps include preventing physical access to the device to avoid unauthorized UART connections. Physically shielding or epoxy-sealing the UART pads to block access is recommended. Additionally, monitoring and restricting physical access to the device location is critical. For longer-term mitigation, the vendor should disable the serial console in production firmware, enforce password protection on shell access, implement secure boot, and restrict maintenance interfaces to authenticated engineering modes only. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-60856. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart