CVE-2025-60856

Published: Oct 20, 2025

Modified: Oct 21, 2025

PUBLISHED

Description

Reolink Video Doorbell WiFi DB_566128M5MP_W allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary commands with root privileges. NOTE: this is disputed by the Supplier because of "certain restrictions on users privately connecting serial port cables" and because "the root user has a password and it meets the requirements of password security complexity."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://reolink.com/download-center/

https://cybermaya.in/posts/Post-46/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-60856

Description

Affected Products

References