CVE-2025-60858: n/a
Reolink Video Doorbell Wi-Fi DB_566128M5MP_W stores and transmits DDNS credentials in plaintext within its configuration and update scripts, allowing attackers to intercept or extract sensitive information.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2025-60858 affects the Reolink Video Doorbell Wi-Fi model DB_566128M5MP_W. The core issue is that the device stores and transmits Dynamic Domain Name System (DDNS) credentials in plaintext within its configuration and update scripts. DDNS credentials are sensitive because they allow mapping of dynamic IP addresses to domain names, facilitating remote access to the device. By storing these credentials without encryption and transmitting them in plaintext, attackers with network access can intercept these credentials through network sniffing or extract them directly from the device's file system if they gain limited access. The vulnerability requires no authentication or user interaction, making it remotely exploitable over the network. The CVSS v3.1 base score of 7.5 reflects a network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), and no impact on integrity or availability (I:N/A:N). This indicates that the primary risk is unauthorized disclosure of sensitive credentials, which could be leveraged for further attacks such as unauthorized device control, network reconnaissance, or pivoting into internal networks. No patches or fixes have been published yet, and no known exploits are reported in the wild, but the vulnerability represents a significant risk due to the sensitive nature of the credentials and the ease of exploitation. The CWE-200 classification corresponds to information exposure, confirming that the vulnerability is about leaking sensitive information. Organizations using this Reolink device should consider the risk of credential interception and unauthorized access, especially in environments where physical security devices are critical.
Potential Impact
For European organizations, the impact of CVE-2025-60858 can be significant, particularly for those deploying Reolink Video Doorbells as part of their physical security infrastructure. Exposure of DDNS credentials can lead to unauthorized remote access to the doorbell devices, enabling attackers to monitor video feeds, manipulate device settings, or use the device as a foothold into the internal network. This can compromise physical security, privacy, and potentially lead to further network intrusions. Organizations in sectors such as critical infrastructure, government facilities, corporate offices, and residential complexes that rely on these devices for security monitoring are at heightened risk. The plaintext transmission of credentials also increases the risk in environments where network traffic is not fully encrypted or segmented, such as in poorly secured Wi-Fi networks or guest networks. Additionally, the compromise of DDNS credentials could allow attackers to redirect or intercept traffic intended for the device, further amplifying the risk. Although no active exploits are reported, the vulnerability's ease of exploitation and high confidentiality impact necessitate immediate attention to prevent potential breaches.
Mitigation Recommendations
1. Network Segmentation: Isolate Reolink Video Doorbell devices on a separate VLAN or subnet with strict firewall rules to limit exposure to untrusted networks and reduce the risk of credential interception.
2. Enforce Encrypted Communication: Where possible, ensure that all device communications, including updates and configuration transfers, use encrypted channels such as TLS to prevent plaintext credential exposure.
3. Monitor Network Traffic: Deploy network monitoring tools to detect unusual traffic patterns or unauthorized access attempts targeting the doorbell devices or DDNS services.
4. Limit Remote Access: Disable or restrict remote access features that rely on DDNS credentials until a patch is available, or use VPNs and secure tunnels for remote connectivity.
5. Device Hardening: Change default credentials, disable unnecessary services, and regularly audit device configurations to minimize attack surface.
6. Vendor Coordination: Engage with Reolink for timely updates or patches addressing this vulnerability and apply them promptly once available.
7. Incident Response Preparedness: Develop and test incident response plans specific to IoT device compromise scenarios to quickly contain and remediate potential breaches.
8. Physical Security: Ensure physical access to the devices is controlled to prevent local extraction of credentials from configuration files.
Affected Countries
Germany, United Kingdom, France, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-09-26T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 6900e9469137f7a53a1f9d65
Added to database: 10/28/2025, 4:03:18 PM
Last enriched: 11/5/2025, 2:15:19 AM
Last updated: 12/14/2025, 8:41:52 AM