Post 45 | Security Advisory: Improper Firmware Signature Verification in Reolink Video Doorbell Wi-Fi (CVE-2025-60855)
Author: Shaunak Ganorkar, Traboda Cyberlabs Pvt. Ltd.
Published: October 2025
CVE ID: CVE-2025-60855
Vendor: Reolink
Product: Reolink Video Doorbell Wi-Fi – DB_566128M5MP_W
Affected Components: /app/upgrade, libmbedtls.so, libmbedcrypto.so
Impact: Remote Arbitrary Code Execution with Root Privileges
Severity: High
Status: Public
Summary
The firmware of the Reolink Video Doorbell Wi-Fi (DB_566128M5MP_W) does not sufficiently validate the signatures on firmware update images.
An attacker who can submit an update to the device can upload a maliciously modified image that passes the update path's cryptographic verification, gaining code execution as root.
Vulnerability Details
- Vulnerability Type: Improper Verification of Cryptographic Signature (CWE-347)
- Attack Type: Remote (via malicious firmware upload)
- Impact: Full compromise of device integrity and control
- Attack Vector: An attacker with network or local access can deliver a crafted firmware update that bypasses the validation logic, because the update path built on libmbedtls.so and libmbedcrypto.so omits the signature checks described under Technical Findings.
Technical Findings
- Firmware extraction revealed that /app/upgrade invokes cryptographic routines without validating signatures against a trusted keychain.
- The function performing the signature check neither verifies the certificate chain nor compares the computed digest with the signed one, so unsigned firmware is accepted.
- Modified firmware binaries were repacked with arbitrary payloads and were accepted by the device without rejection.
Impact
- Execution of attacker-supplied code as root
- Permanent firmware compromise
- Possibility of malware persistence and network pivoting
- Undermined update trust chain
Recommendations
For Users
- Apply only official firmware updates downloaded directly from the Reolink Download Center.
- Keep the doorbell off networks reachable by untrusted parties until fixed firmware is available; the device itself cannot currently distinguish a genuine image from a tampered one.
For Vendor
- Validate firmware signatures against a vendor public key or root CA fixed in the device, verifying the full certificate chain and comparing the computed digest with the signed one.
- Enforce secure boot and reject unsigned images.
- Audit all firmware update mechanisms (network and local) to confirm that no path accepts an unverified image.
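The check structure described in the Technical Findings and called for in the vendor recommendations, as an added example; this is not code from the advisory or from Reolink's firmware. It assumes a hypothetical image layout (magic, length, body, optional trailing signature) and uses Ed25519 over SHA-256 from Go's standard library in place of whatever mbedTLS routines the real /app/upgrade calls. verifyWeak models the class of flaw reported (digest computed but never bound to a signature under a trusted key, unsigned image accepted); verifyStrict shows the checks a fixed update path needs, and Demo runs both over constructed good, unsigned, repacked and wrong-key images.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Hypothetical image layout for this example (not Reolink's real format):
//   "FWIM" | uint32 big-endian body length | body | optional 64-byte Ed25519 signature
const magic = "FWIM"

// buildImage packs a body and an optional trailing signature into that layout.
func buildImage(body, sig []byte) []byte {
	hdr := make([]byte, 8)
	copy(hdr, magic)
	binary.BigEndian.PutUint32(hdr[4:], uint32(len(body)))
	return append(append(hdr, body...), sig...)
}

// parseImage splits an image into body and trailing signature (empty when absent).
func parseImage(img []byte) (body, sig []byte, err error) {
	if len(img) < 8 || string(img[:4]) != magic {
		return nil, nil, fmt.Errorf("bad magic or truncated header")
	}
	n := int(binary.BigEndian.Uint32(img[4:8]))
	if 8+n > len(img) {
		return nil, nil, fmt.Errorf("body length %d exceeds image size %d", n, len(img))
	}
	body, sig = img[8:8+n], img[8+n:]
	if len(sig) != 0 && len(sig) != ed25519.SignatureSize {
		return nil, nil, fmt.Errorf("unexpected %d-byte trailer", len(sig))
	}
	return body, sig, nil
}

// verifyWeak models the flaw class the advisory describes: crypto routines run, but
// nothing ties the digest to a signature under a trusted key, and unsigned images pass.
func verifyWeak(img []byte) error {
	body, sig, err := parseImage(img)
	if err != nil {
		return err
	}
	_, _ = sha256.Sum256(body), sig // digest computed but never compared; sig may be empty
	return nil
}

// verifyStrict pins the vendor key, refuses unsigned images, and checks the
// signature over the digest of exactly the bytes that would be flashed.
func verifyStrict(trusted ed25519.PublicKey, img []byte) error {
	body, sig, err := parseImage(img)
	if err != nil {
		return err
	}
	if len(sig) == 0 {
		return fmt.Errorf("image is unsigned")
	}
	if d := sha256.Sum256(body); !ed25519.Verify(trusted, d[:], sig) {
		return fmt.Errorf("signature does not verify under the trusted key")
	}
	return nil
}

// signImage is the build-side step: sign SHA-256(body) and append the signature.
func signImage(priv ed25519.PrivateKey, body []byte) []byte {
	d := sha256.Sum256(body)
	return buildImage(body, ed25519.Sign(priv, d[:]))
}

// Outcome records each verifier's decision for the constructed test images.
type Outcome struct {
	StrictGood, StrictUnsigned, StrictTampered, StrictWrongKey, WeakUnsigned, WeakTampered error
}

// Demo builds the images and runs both verifiers (keys are generated here; a real device holds only the vendor public key).
func Demo() Outcome {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)
	body := []byte("constructed sample firmware body") // constructed, not a real image
	good := signImage(vendorPriv, body)
	// Repacked image: attacker-modified body, original vendor signature kept.
	tamperedBody := append([]byte(nil), body...)
	tamperedBody[0] ^= 0xff
	tampered := buildImage(tamperedBody, good[len(good)-ed25519.SignatureSize:])
	return Outcome{
		StrictGood:     verifyStrict(vendorPub, good),
		StrictUnsigned: verifyStrict(vendorPub, buildImage(body, nil)),
		StrictTampered: verifyStrict(vendorPub, tampered),
		StrictWrongKey: verifyStrict(vendorPub, signImage(attackerPriv, body)),
		WeakUnsigned:   verifyWeak(buildImage(tamperedBody, nil)),
		WeakTampered:   verifyWeak(tampered),
	}
}

func main() {
	fmt.Printf("%+v\n", Demo())
}
```

The strict path rejects the unsigned image, the repacked body carrying the original signature, and an image signed by a key other than the pinned one; the weak path accepts all of them, which is the behaviour the repacking test in the findings observed. Pinning a raw public key is the simplest form of the recommendation; a certificate chain rooted in a device-resident CA adds key rotation at the cost of a chain-validation step that must also be performed, not just invoked.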
Discoverer
Shaunak Ganorkar
Traboda Cyberlabs Pvt. Ltd.
🔗 https://www.cybermaya.in
🔗 https://traboda.com
🔗 https://www.linkedin.com/in/shaunakganorkar
Disclaimer
This research was conducted using responsible disclosure principles.
No live systems were harmed during analysis. Users and vendors are encouraged to patch or retire affected devices immediately.