Incorrect access control in the RTMP server settings of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3
Description
Incorrect access control in the RTMP server settings of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Executive Summary:
A critical buffer overflow vulnerability has been identified in multiple Tenda products, assigned CVE-2025-55613 with a CVSS score of 9.8. This flaw allows an unauthenticated remote attacker to execute arbitrary code and gain complete control of an affected device by sending a specially crafted request to the MAC filtering function. Successful exploitation could lead to a full network compromise, data theft, or the device being co-opted into a botnet.
Vulnerability Details
CVE-ID: CVE-2025-55613
Affected Software: Tenda Multiple Products
Affected Versions: Tenda O3V2 version 1.0.0.12(3880) is confirmed to be vulnerable. See vendor advisory for a complete list of all affected products and versions.
Vulnerability: The vulnerability is a stack-based buffer overflow within the
fromSafeSetMacFilterfunction of the device's firmware. An attacker can exploit this by sending a network request containing an overly long string in themacparameter to the device's web management interface. The function fails to properly validate the length of this input, causing it to write past the intended buffer on the stack, which can overwrite critical data such as the function's return address. By carefully crafting the malicious input, an attacker can redirect the program's execution flow to arbitrary code, resulting in a full system compromise with the privileges of the running process, which is typically root.Business Impact
This vulnerability presents a critical risk to the organization, reflected by its CVSS score of 9.8. A successful exploit grants an attacker complete control over the affected network device. This can lead to severe consequences, including the interception and theft of sensitive data passing through the network, unauthorized access to internal network segments, and the ability to launch further attacks against other systems from a trusted position within the network. Furthermore, compromised devices could be incorporated into a botnet for use in Distributed Denial-of-Service (DDoS) attacks, causing reputational damage and potential service disruption.
Remediation Plan
Immediate Action: Identify all vulnerable Tenda devices within the network and immediately apply the latest firmware updates provided by the vendor to patch this vulnerability. After patching, review device access logs for any anomalous requests or signs of compromise that may have occurred prior to the update.
Proactive Monitoring: Configure network monitoring and intrusion detection systems (IDS) to alert on unusually long or malformed requests targeting the management interfaces of Tenda devices. Specifically, monitor HTTP POST requests to the endpoint responsible for MAC filter settings for abnormally large values in the
macparameter. Review system and web server logs on the devices for repeated failed requests or error messages related to thefromSafeSetMacFilterfunction.Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the risk of exploitation:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of August 22, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, given the critical CVSS score and the straightforward nature of buffer overflow vulnerabilities in embedded devices, it is highly probable that threat actors will develop exploits. The vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Given the critical severity (CVSS 9.8) of this vulnerability, which allows for remote code execution, it is imperative that the organization takes immediate action. We strongly recommend prioritizing the deployment of vendor-supplied patches to all affected Tenda devices. Although there is no evidence of active exploitation at this time, the high potential for complete system compromise makes this vulnerability an attractive target for attackers. Proactive patching is the most effective defense to prevent a security breach.