CVE-2025-55627: n/a
Insufficient privilege verification in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 allows authenticated attackers to create accounts with elevated privileges.
AI Analysis
Technical Summary
CVE-2025-55627 affects the Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime running firmware v3.0.0.4662_2503122283. The defect is insufficient privilege verification in the account-creation path: the device confirms that the caller is authenticated, but it does not adequately check that the caller is entitled to assign the privilege level requested for the new account. An attacker holding any valid credential, including a low-privilege one, can therefore create an account with elevated rights and use it to take administrative control of the device. This implies a missing or incomplete server-side authorization check; restrictions enforced only in the mobile app or web UI do not stop a request sent directly to the device. At the time of this record no CVSS score had been assigned and no in-the-wild exploitation had been reported, but the precondition is modest (authenticated access only) and the outcome is full device compromise. Because the doorbell combines video surveillance with a network-connected controller, a privileged account could be used to view or alter recordings, silence alerts, change settings, or serve as a foothold on the local network.
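The flaw class is easiest to see side by side. The following is an added illustration written for this page, not Reolink firmware and not derived from it; the role names, the in-memory user store and the function names are assumptions. The vulnerable handler authenticates the caller and stops there, so any logged-in account can mint an administrator; the hardened handler additionally requires an admin caller and refuses to grant a role above the caller's own.

```python
"""Illustration of the CVE-2025-55627 flaw class: an account-creation
handler that authenticates the caller but never checks whether the caller
is allowed to grant the requested privilege level.

Hypothetical code written for this page. It is NOT Reolink firmware; the
role names, store layout and function names are assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict

# Assumed ordering of privilege levels; higher is more privileged.
ROLE_LEVEL = {"guest": 0, "user": 1, "admin": 2}


@dataclass
class User:
    name: str
    role: str


@dataclass
class DeviceUserStore:
    users: Dict[str, User] = field(default_factory=dict)

    def authenticate(self, name: str) -> User:
        # Stands in for the device's session check: the caller must exist.
        if name not in self.users:
            raise PermissionError("not authenticated")
        return self.users[name]

    def create_user_vulnerable(self, caller_name: str, new_name: str, new_role: str) -> User:
        """Insufficient privilege verification: any authenticated caller
        can create an account with any role, including admin."""
        self.authenticate(caller_name)  # authentication only, no authorization
        if new_role not in ROLE_LEVEL:
            raise ValueError("unknown role")
        user = User(new_name, new_role)
        self.users[new_name] = user
        return user

    def create_user_hardened(self, caller_name: str, new_name: str, new_role: str) -> User:
        """Server-side authorization: only admins may create accounts, and
        the requested role may not exceed the caller's own level."""
        caller = self.authenticate(caller_name)
        if new_role not in ROLE_LEVEL:
            raise ValueError("unknown role")
        if caller.role != "admin":
            raise PermissionError("account creation requires admin role")
        if ROLE_LEVEL[new_role] > ROLE_LEVEL[caller.role]:
            raise PermissionError("cannot grant a role above your own")
        if new_name in self.users:
            raise ValueError("user already exists")
        user = User(new_name, new_role)
        self.users[new_name] = user
        return user


def fresh_store() -> DeviceUserStore:
    # Constructed sample state: one admin and one low-privilege account.
    return DeviceUserStore({"admin": User("admin", "admin"),
                            "viewer": User("viewer", "guest")})


def demo() -> dict:
    """Drive both handlers from the low-privilege 'viewer' account."""
    outcome = {}

    # Vulnerable path: the guest escalates by creating an admin account.
    store = fresh_store()
    created = store.create_user_vulnerable("viewer", "backdoor", "admin")
    outcome["vulnerable_created_admin"] = created.role == "admin"

    # Hardened path: the same request is rejected before any account is written.
    store = fresh_store()
    try:
        store.create_user_hardened("viewer", "backdoor", "admin")
        outcome["hardened_blocked"] = False
    except PermissionError:
        outcome["hardened_blocked"] = True
    outcome["hardened_no_account_written"] = "backdoor" not in store.users

    # A legitimate admin can still provision a lower-privilege user.
    outcome["hardened_admin_ok"] = store.create_user_hardened("admin", "ops", "user").role == "user"
    return outcome


if __name__ == "__main__":
    print(demo())
```

The check that matters is the one performed on the device, on every request, against the caller's own session: the hardened variant rejects the request before anything is written, which is also what makes "unexpected new privileged account" a useful post-exploitation indicator to look for on a device that is still on the affected firmware.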
Potential Impact
For European organizations, including the small businesses and residential users that make up much of this device's customer base, the vulnerability allows anyone with a valid low-privilege login to gain control of a piece of physical-security infrastructure. An attacker with a self-created privileged account could disable or alter video recordings, which would help conceal unauthorized physical access or theft. Where the doorbell sits on the same network as workstations or servers rather than on an isolated segment, a compromised device can also serve as a pivot point into the internal network, threatening the confidentiality and integrity of other systems. Compromised IoT devices are additionally attractive for enrolment in botnets or for staging further attacks, which affects availability and network performance. Exploitation requires authentication, so the most plausible scenarios are a shared or guest account, a credential obtained by phishing or reuse, or an insider with deliberately limited access. This record references no vendor fix, so the exposure persists until Reolink publishes updated firmware or compensating controls are in place.
Mitigation Recommendations
To mitigate this vulnerability, first confirm whether the device reports the affected firmware version (3.0.0.4662_2503122283). Because exploitation consists of creating an account, also review the device's user list for accounts you did not provision, particularly privileged ones, and remove any that are unrecognized. Restrict reachability of the device's management interfaces with network segmentation and firewall rules so that only trusted internal networks or VPN clients can reach them; as an interim measure, disable remote management or limit it to known source addresses. Audit and minimize the set of accounts on the device, since any authenticated account is sufficient to exploit the flaw, and enforce strong, unique passwords and multi-factor authentication where the device supports it. Monitor whatever logging the device and your network provide for account creation and privilege changes. Contact Reolink support for a firmware update addressing this issue and apply it promptly once available; if no fix is forthcoming, treat the device as untrusted, keep it on an isolated segment, and plan for replacement. Include this and similar IoT devices in regular security assessments.
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-08-13
- CVSS Version: null (no score assigned)
- State: PUBLISHED
Threat ID: 68a8a2b8ad5a09ad0020863c
Added to database: 8/22/2025, 5:02:48 PM
Last enriched: 8/22/2025, 5:19:19 PM
Last updated: 8/22/2025, 6:17:47 PM
Related Threats
- CVE-2025-43758: CWE-552 Files or Directories Accessible to External Parties in Liferay Portal (Medium)
- CVE-2025-52287: n/a (High)
- CVE-2025-55581: n/a (High)
- CVE-2025-52085: n/a (High)
- CVE-2025-43760: CWE-79: Cross-site Scripting in Liferay Portal (Medium)