Post 47 | Security Advisory: Plaintext DDNS Credentials in Reolink Video Doorbell Wi-Fi (CVE-2025-60858)

Author: Shaunak Ganorkar, Traboda Cyberlabs Pvt. Ltd.
Published: October 2025
CVE ID: CVE-2025-60858
Vendor: Reolink
Product: Reolink Video Doorbell Wi-Fi – DB_566128M5MP_W
Affected Components: /usr/sbin/ddns, ddnsrun.dyndns, ddnsrun.noip
Impact: Exposure of Sensitive DDNS Credentials
Severity: Medium
Status: Public


Summary

Reolink Video Doorbell Wi-Fi (DB_566128M5MP_W) stores and transmits Dynamic DNS credentials in plaintext within configuration files and scripts.
This can lead to credential theft, account takeover, and remote reconfiguration of DNS mappings.


Vulnerability Details

  • Vulnerability Type: Insecure Permissions / Plaintext Credential Storage
  • Attack Type: Remote (via traffic sniffing or firmware analysis)
  • Impact: Information disclosure and configuration tampering
  • Attack Vector: Attackers monitoring network traffic or analyzing firmware can extract DDNS credentials from scripts like ddnsrun.dyndns and ddnsrun.noip.

Technical Findings

  1. The DDNS configuration scripts embed plaintext usernames and passwords.
  2. No encryption or hashing mechanism is implemented for sensitive data.
  3. Network captures confirm these credentials can be transmitted unencrypted during DDNS update requests.
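
The check below is an added example, not code from this advisory or from Reolink: it scans reassembled cleartext TCP payloads for DDNS update requests that carry credentials, reporting only where they appear and never their values. It assumes the dyndns2-style `/nic/update` request with HTTP Basic authentication; the query parameter names and the sample payloads are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

UPDATE_PATH = "/nic/update"          # assumption: dyndns2-style endpoint
CRED_PARAMS = {"username", "user", "password", "pass", "pwd"}  # assumed names

def audit_payload(raw):
    """Return a finding dict if this cleartext TCP payload is a DDNS update
    that carries credentials, else None. Secret values are never returned."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    m = re.match(r"(GET|POST) (\S+) HTTP/1\.[01]$", lines[0])
    if not m:                         # TLS records and non-HTTP data end here
        return None
    url = urlsplit(m.group(2))
    if url.path != UPDATE_PATH:
        return None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    query = parse_qs(url.query)
    issues = []
    if headers.get("authorization", "").lower().startswith("basic "):
        issues.append("basic-auth-header")
    if CRED_PARAMS & {k.lower() for k in query}:
        issues.append("credentials-in-query")
    if not issues:
        return None
    return {"server": headers.get("host", "?"),
            "hostname": query.get("hostname", ["?"])[0],
            "issues": issues}

def audit_capture(payloads):
    """Audit every payload and keep only the ones that expose credentials."""
    return [f for f in map(audit_payload, payloads) if f]

# Constructed sample payloads (not taken from the device or the advisory).
SAMPLES = [
    b"GET /nic/update?hostname=cam.example.net&myip=203.0.113.7 HTTP/1.1\r\n"
    b"Host: ddns.example.com\r\nAuthorization: Basic ZGVtbzpkZW1v\r\n\r\n",
    b"GET /nic/update?hostname=cam.example.net&user=demo&pass=demo HTTP/1.0\r\n"
    b"Host: ddns.example.com\r\n\r\n",
    b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    b"\x16\x03\x01\x00\x05hello",     # start of a TLS record: nothing readable
]

if __name__ == "__main__":
    for finding in audit_capture(SAMPLES):
        print(finding)
```

Any finding means the DDNS account behind that hostname should be treated as exposed on the monitored network segment.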

Impact

  • Credential compromise and account hijacking
  • Unauthorized modification of DDNS entries
  • Potential redirection of device traffic or phishing infrastructure setup

Recommendations

For Users

  • Avoid using DDNS features until secure credential handling is implemented.
  • Revoke and rotate any credentials previously configured.

For Vendor

  • Store credentials securely using encryption mechanisms.
  • Implement token-based authentication for DDNS updates.
  • Conduct a firmware-wide audit of sensitive data handling.

Discoverer

Shaunak Ganorkar
Traboda Cyberlabs Pvt. Ltd.

🔗 https://www.cybermaya.in
🔗 https://traboda.com
🔗 https://www.linkedin.com/in/shaunakganorkar


Disclaimer

This advisory is released for educational and defensive purposes.
It underscores the importance of secure credential handling practices in connected devices.

This post is licensed under CC BY-NC-ND 4.0 by the author.