CVE-2025-60856
BaseFortify
Publication date: 2025-10-20
Last updated on: 2025-10-21
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| reolink | video_doorbell | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-922 | The product stores sensitive information without properly limiting read or write access by unauthorized actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Reolink Video Doorbell WiFi DB_566128M5MP_W allows an attacker with physical access to connect to an unsecured UART serial console interface. This interface provides unauthenticated root shell access because the device's initialization script does not disable serial console access during boot, and the root user has no password set. By connecting to the UART pads during the boot sequence, an attacker can bypass authentication, execute arbitrary commands with root privileges, and gain full control over the device. [1]
How can this vulnerability impact me?
This vulnerability can have severe impacts including allowing an attacker to execute root-level code on the device, modify firmware, install permanent backdoors, and access sensitive configuration and network credentials. Essentially, it compromises the security and integrity of the device, potentially leading to unauthorized surveillance, data theft, or use of the device as a foothold in a larger network attack. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This is a physical-access flaw, so no network scan will find it; detection means opening the device and testing the console. Inspect the board for exposed UART pads (typically GND, TX, RX and VCC), identify GND and confirm the logic level with a multimeter (3.3 V is typical; never connect the adapter's VCC pin), then attach a USB-to-UART adapter and open a serial terminal at the rate the page's example uses, 115200 baud, for example 'screen /dev/ttyUSB0 115200' or 'minicom -D /dev/ttyUSB0 -b 115200'. Note that /dev/ttyS0 is the console device as named on the doorbell itself; on the analyst's host the adapter usually appears as /dev/ttyUSB0 or /dev/ttyACM0. Power the doorbell on with the terminal attached and watch the boot sequence: if the output ends in a root prompt with no 'login:' gate in front of it, and a command such as 'id' returns uid=0(root), the device is affected. Garbage characters mean the baud rate is wrong, not that the console is disabled. [1]
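The check above, as an added example script that is not part of the advisory or of any Reolink code: it captures the boot output, sends a harmless probe command, and classifies the transcript. Assumptions (not from the page): the 3.3 V USB-to-UART adapter appears on the analyst's Linux host as /dev/ttyUSB0 (override with the UART_PORT variable), 115200 baud as in the page's example (override with UART_BAUD), and GNU coreutils stty/timeout. The sample transcripts used to exercise the classifier are constructed.

```sh
#!/bin/sh
# Added example (not from the advisory or from Reolink): probe a UART console for an
# unauthenticated root shell. Assumed host-side port /dev/ttyUSB0 and 115200 baud;
# GNU stty/timeout syntax (Linux). Run with UART_PORT=/dev/ttyUSB0 set to probe a device.

# Read a captured console transcript on stdin and print one verdict.
classify_console() {
  log=$(cat)
  if printf '%s\n' "$log" | grep -Eq '(login|Password):'; then
    echo "login-prompt"                 # a login gate is in front of the shell
  elif printf '%s\n' "$log" | grep -q 'uid=0(root)'; then
    echo "unauthenticated-root-shell"   # our probe command ran as root with no login
  elif printf '%s\n' "$log" | grep -Eq '(^|[[:space:]])#[[:space:]]*$'; then
    echo "root-prompt-seen"             # a '#' prompt appeared but the probe got no reply
  else
    echo "no-shell-seen"                # boot output only (or garbage: wrong baud rate)
  fi
}

# Open the port, capture the boot banner, send a harmless probe command, classify the reply.
probe_uart() {
  port="$1"; baud="$2"
  stty -F "$port" "$baud" raw -echo              # GNU stty syntax; BSD stty uses -f
  boot=$(timeout 45 cat "$port" || true)         # power the doorbell on after this starts
  printf 'id\r' > "$port"                        # at a login prompt this is just a username
  reply=$(timeout 5 cat "$port" || true)
  printf '%s\n%s\n' "$boot" "$reply" | classify_console
}

if [ -n "${UART_PORT:-}" ]; then
  probe_uart "$UART_PORT" "${UART_BAUD:-115200}"
fi
```

The verdict "root-prompt-seen" is deliberately separate from "unauthenticated-root-shell": a prompt alone can be a display artifact, whereas a reply of uid=0(root) to a command you typed is the evidence the advisory describes.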
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation is about physical access, since the interface cannot be reached over the network: keep the doorbell where unauthorized parties cannot remove or open it, restrict and monitor access to its location, and consider shielding or epoxy-sealing the UART pads so that they cannot be probed without visible damage. Treat any unit that has been out of your control as possibly backdoored and reflash or replace it, because a root shell allows persistent firmware modification. The durable fix belongs to the vendor: disable the serial console in production firmware (no shell spawned on the console tty in the init configuration and no console on the kernel command line), set a root password or lock the account, put a login program in front of any maintenance console, and add secure boot so that a modified firmware image will not run. Check whether Reolink has published a firmware update for this issue and apply it. [1]
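To see what the vendor-side fix looks like in a root filesystem, here is an added audit script that is not part of the advisory or of any Reolink firmware: it scans an extracted rootfs for the two conditions the advisory names (a serial console that drops straight into a shell, and a root account with no password) and shows the weak setting beside the hardened one. The directory layout assumed is a typical BusyBox rootfs (an assumption, not something the page states), and the two sample trees it builds when run without arguments are constructed, not real device files.

```sh
#!/bin/sh
# Added example (not from the advisory or from Reolink): static audit of an extracted
# firmware rootfs. Assumes a BusyBox-style layout (/etc/inittab, /etc/passwd, /etc/shadow,
# /etc/init.d). Usage: ./audit.sh /path/to/rootfs, or no argument to run on constructed samples.

audit_rootfs() {
  root="$1"
  findings=0
  # 1. inittab entries that respawn a shell on a tty with no login program in front of it.
  #    Weak:     ttyS0::respawn:/bin/sh
  #    Hardened: ttyS0::respawn:/sbin/getty -L 115200 ttyS0 vt100   (or drop the line entirely)
  shell_entry='^[^#:]*:[^:]*:(respawn|askfirst|once):[^#]*/(sh|ash|bash)([[:space:]]|$)'
  if [ -f "$root/etc/inittab" ] && grep -Eq "$shell_entry" "$root/etc/inittab"; then
    echo "FAIL /etc/inittab starts a shell with no login prompt:"
    grep -E "$shell_entry" "$root/etc/inittab" | sed 's/^/    /'
    findings=$((findings + 1))
  fi
  # 2. root with an empty password field (empty second field) in shadow or passwd.
  #    Weak:     root::0:0:root:/root:/bin/sh
  #    Hardened: root:x:0:0:root:/root:/bin/sh plus a real hash (or '*' to lock) in /etc/shadow
  for f in etc/shadow etc/passwd; do
    if [ -f "$root/$f" ] && grep -Eq '^root::' "$root/$f"; then
      echo "FAIL root has an empty password field in /$f"
      findings=$((findings + 1))
    fi
  done
  # 3. init scripts that attach a shell directly to a serial device outside inittab.
  if [ -d "$root/etc/init.d" ] && grep -rEq '/bin/(a?sh|bash)[^#]*/dev/ttyS[0-9]' "$root/etc/init.d"; then
    echo "FAIL an init script attaches a shell to a serial port:"
    grep -rE '/bin/(a?sh|bash)[^#]*/dev/ttyS[0-9]' "$root/etc/init.d" | sed 's/^/    /'
    findings=$((findings + 1))
  fi
  if [ "$findings" -eq 0 ]; then
    echo "PASS no unauthenticated serial console conditions found"
  else
    echo "FAIL $findings finding(s)"
  fi
  [ "$findings" -eq 0 ]
}

# Constructed sample trees: "weak" reproduces the advisory's conditions, "hardened" fixes them.
make_sample_rootfs() {
  kind="$1"; dir="$2"
  mkdir -p "$dir/etc/init.d"
  printf '#!/bin/sh\nmount -t proc proc /proc\n' > "$dir/etc/init.d/rcS"
  if [ "$kind" = weak ]; then
    printf '::sysinit:/etc/init.d/rcS\nttyS0::respawn:/bin/sh\n' > "$dir/etc/inittab"
    printf 'root::0:0:root:/root:/bin/sh\n' > "$dir/etc/passwd"
  else
    printf '::sysinit:/etc/init.d/rcS\nttyS0::respawn:/sbin/getty -L 115200 ttyS0 vt100\n' > "$dir/etc/inittab"
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$dir/etc/passwd"
    printf 'root:$6$constructed$placeholderhash:19000:0:99999:7:::\n' > "$dir/etc/shadow"
  fi
}

if [ "$#" -gt 0 ]; then
  audit_rootfs "$1"
else
  demo=$(mktemp -d)
  for kind in weak hardened; do
    make_sample_rootfs "$kind" "$demo/$kind"
    echo "== $kind sample =="
    audit_rootfs "$demo/$kind" || true
  done
  rm -rf "$demo"
fi
```

The getty line in the hardened sample is the cheapest fix (a login prompt on the console); the stronger production setting is to remove the console entry altogether, which the script treats as PASS because no shell-spawning entry remains. The kernel command line (console=) lives outside the rootfs and is not checked here.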