CVE-2025-60856: n/a
Reolink Video Doorbell WiFi DB_566128M5MP_W allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary commands with root privileges.
AI Analysis
Technical Summary
CVE-2025-60856 identifies a critical security vulnerability in the Reolink Video Doorbell WiFi model DB_566128M5MP_W. The vulnerability stems from an unsecured UART/serial console interface exposed on the device, which lacks authentication or access controls. An attacker who obtains physical access to the device can connect directly to this UART interface, typically via exposed pins or connectors on the device's circuit board. Through this interface, the attacker can gain root shell access, effectively allowing execution of arbitrary commands with full administrative privileges on the device. This level of access compromises the device’s confidentiality, integrity, and availability, enabling potential manipulation of video streams, disabling of security features, or pivoting into connected networks. The vulnerability does not require network access or user interaction, only physical proximity. No official CVSS score has been assigned yet, and no patches or firmware updates are currently available. The vulnerability was reserved and published in late 2025, indicating recent discovery. The lack of known exploits in the wild suggests it is not yet actively exploited but poses a significant risk if physical security is inadequate. This vulnerability highlights the importance of securing hardware interfaces on IoT devices, especially those deployed in security-sensitive environments.
Potential Impact
For European organizations, the impact of this vulnerability can be substantial, particularly for those deploying Reolink Video Doorbells in residential, commercial, or critical infrastructure settings. Unauthorized root access allows attackers to manipulate video feeds, potentially disabling surveillance or using the device as a foothold for further network intrusion. This compromises physical security monitoring and could lead to privacy violations or espionage. The vulnerability also undermines trust in IoT security devices, potentially leading to reputational damage and regulatory scrutiny under GDPR if personal data is exposed. Organizations with less stringent physical security controls are especially vulnerable. The inability to currently patch the device increases the risk window. In sectors such as finance, government, or healthcare, where physical security and surveillance are critical, exploitation could have cascading effects on operational security and safety.
Mitigation Recommendations
Mitigation should focus primarily on preventing physical access to the device’s UART interface. Organizations should ensure that doorbells are installed in locations that are difficult to access without authorization, such as behind protective covers or within locked enclosures. Physical tamper-evident seals or alarms can help detect unauthorized access attempts. Until a firmware update or hardware revision is released by Reolink, disabling or physically blocking the UART pins internally may be necessary, though this requires technical expertise and may void warranties. Network segmentation should be employed to isolate IoT devices from critical infrastructure networks to limit lateral movement if compromise occurs. Regular physical inspections and monitoring for signs of tampering are recommended. Organizations should engage with Reolink for updates and consider alternative devices with stronger hardware security if risk tolerance is low. Finally, raising user awareness about the importance of physical security for IoT devices is essential.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-09-26T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68f65c0bd7e10ba5fa832428
Added to database: 10/20/2025, 3:58:03 PM
Last enriched: 10/20/2025, 3:58:19 PM
Last updated: 10/20/2025, 8:24:57 PM