CVE-2025-56675 is a vulnerability identified in the EKEN video doorbell T6, specifically in the firmware version BT60PLUS_MAIN_V1.0_GC1084_20230531. The issue is classified under CWE-669, which pertains to Incorrect Resource Transfer Between Spheres. In this case, the device periodically transmits debug logs to EKEN's cloud servers that inadvertently contain sensitive information, notably the Wi-Fi SSID and password. This leakage occurs because debug logs, which are typically intended for internal troubleshooting, are not properly sanitized before being sent externally. The vulnerability allows an attacker who can access these cloud logs to obtain network credentials, potentially enabling unauthorized access to the victim's local network. The CVSS v3.1 base score is 3.5, indicating a low severity level. The vector string (AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N) shows that the attack is network-based but requires low privileges and high attack complexity, with no user interaction needed. The scope is changed, meaning the vulnerability affects resources beyond the initially vulnerable component. Confidentiality impact is low, while integrity and availability are not affected. No known exploits are currently reported in the wild, and no patches have been published yet. This vulnerability highlights a design flaw in handling sensitive data within IoT devices, where debug information is improperly exposed to external cloud infrastructure.

For European organizations, the impact of this vulnerability primarily concerns the confidentiality of Wi-Fi network credentials. If an attacker gains access to these credentials via compromised or intercepted cloud debug logs, they could infiltrate the organization's local network, potentially leading to further lateral movement or data exfiltration. Although the direct impact on integrity and availability is minimal, the exposure of network access details can serve as a stepping stone for more severe attacks. Organizations using EKEN video doorbells in sensitive environments such as corporate offices, residential buildings with corporate tenants, or critical infrastructure facilities could face increased risk. The vulnerability also raises privacy concerns, as unauthorized access to Wi-Fi networks could enable surveillance or data interception. Given the low CVSS score and the requirement for some privileges and high attack complexity, the immediate risk is moderate but should not be underestimated, especially in environments where network security is paramount.

To mitigate this vulnerability, European organizations should first verify if their EKEN video doorbell T6 devices are running the affected firmware version (BT60PLUS_MAIN_V1.0_GC1084_20230531). Until an official patch is released, organizations should consider the following specific actions: 1) Disable or restrict remote debug logging features if configurable via the device settings or management interface to prevent sensitive data from being sent externally. 2) Segment the network where the video doorbell operates, placing it in a dedicated VLAN or guest network with limited access to critical internal resources to contain potential breaches. 3) Monitor network traffic for unusual outbound connections from the device to cloud servers and implement strict firewall rules to control such communications. 4) Change Wi-Fi passwords regularly and use strong, unique credentials to reduce the window of opportunity for attackers. 5) Engage with EKEN support to request timelines for patches and updates, and subscribe to vulnerability advisories for timely information. 6) Consider alternative devices with better security postures if the risk is unacceptable and no timely fix is forthcoming.