CVE-2025-55631 identifies a vulnerability in the Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime, specifically in firmware version 3.0.0.4662_2503122283. The issue arises from the device's session management mechanism, which manages user sessions on a system-wide basis rather than on an individual account basis. This design choice means that all user sessions share a common resource pool or limit. Consequently, an attacker could potentially exhaust these shared resources by initiating numerous sessions, leading to a Denial of Service (DoS) condition. This would prevent legitimate users from accessing the device or its services. The vulnerability is categorized under CWE-400, which relates to uncontrolled resource consumption, indicating that the root cause is the lack of proper resource management or isolation between user sessions. The supplier has noted that the system-wide session limit is intentional, which suggests that this behavior is by design rather than a coding error. However, this design choice introduces a risk vector where resource exhaustion can be exploited to disrupt service availability. The CVSS v3.1 base score is 4.0 (medium severity), with the vector indicating local attack vector (AV:L), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), and low impact on availability (A:L). No known exploits are reported in the wild, and no patches have been linked yet.

For European organizations, especially those deploying Reolink Smart 2K+ Wi-Fi Video Doorbells in office buildings, residential complexes, or critical infrastructure sites, this vulnerability could lead to service disruptions. A successful DoS attack could prevent authorized users from accessing video feeds or doorbell functionalities, potentially impacting physical security monitoring and access control. While the impact on confidentiality and integrity is negligible, availability is affected, which can degrade security posture and operational continuity. In environments where these devices are integrated into broader security or building management systems, the DoS could cascade, affecting automated responses or alerting mechanisms. Given the medium severity and local attack vector, the threat is more relevant to attackers with physical or network proximity to the device, such as insiders or nearby adversaries. The lack of user interaction and privileges required lowers the barrier for exploitation once local access is obtained. This could be particularly concerning in multi-tenant buildings or public spaces where attackers might attempt to disrupt security monitoring.

To mitigate this vulnerability, European organizations should first verify if firmware updates or patches become available from Reolink addressing session management. Until then, practical steps include: 1) Network segmentation: Isolate the doorbell devices on a dedicated VLAN or subnet with strict access controls to limit exposure to potential attackers. 2) Access control: Restrict local network access to trusted devices and users only, employing strong authentication mechanisms on the network level (e.g., WPA3 for Wi-Fi). 3) Monitoring and alerting: Implement network monitoring to detect abnormal session creation patterns or resource exhaustion indicators related to these devices. 4) Physical security: Limit physical access to the devices to prevent attackers from gaining local network access. 5) Device configuration: Review and minimize the number of concurrent sessions or users where possible, and disable unnecessary services or features that could increase attack surface. 6) Incident response planning: Prepare procedures to quickly reboot or reset affected devices to restore service in case of DoS. These measures go beyond generic advice by focusing on network architecture and operational controls tailored to the device's limitations and attack vector.