Reolink

Products by Reolink Sorted by Most Security Vulnerabilities since 2018

Reolink Rlc 410w Firmware: 1 vulnerability

Reolink Video Doorbell: 1 vulnerability

Known Exploited Reolink Vulnerabilities

The following Reolink vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

| Title | Description | CVE | Exploit Probability | Added |
| --- | --- | --- | --- | --- |
| Reolink RLC-410W IP Camera OS Command Injection Vulnerability | Reolink RLC-410W IP cameras contain an authenticated OS command injection vulnerability in the device network settings functionality. | CVE-2021-40407 | 32.6% | December 18, 2024 |
| Reolink Multiple IP Cameras OS Command Injection Vulnerability | Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras contain an authenticated OS command injection vulnerability. This vulnerability allows an authenticated admin to use the "TestEmail" functionality to inject and run OS commands as root. | CVE-2019-11001 | 38.4% | December 18, 2024 |

2 known exploited Reolink vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

By the Year

In 2026 there have been 0 vulnerabilities in Reolink. Last year, in 2025, Reolink had 1 security vulnerability published. Right now, Reolink is on track to have fewer security vulnerabilities in 2026 than it did last year.

| Year | Vulnerabilities | Average Score |
| --- | --- | --- |
| 2026 | 0 | 0.00 |
| 2025 | 1 | 6.80 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 0.00 |

It may take a day or so for new Reolink vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Reolink Security Vulnerabilities

| CVE | Date | Vulnerability | Products |
| --- | --- | --- | --- |
| CVE-2025-60856 | Oct 20, 2025 | Reolink Video Doorbell UART root shell via unsecured serial console. Reolink Video Doorbell WiFi DB_566128M5MP_W allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary commands with root privileges. NOTE: this is disputed by the Supplier because of "certain restrictions on users privately connecting serial port cables" and because "the root user has a password and it meets the requirements of password security complexity." | Video Doorbell |
| CVE-2021-40407 | Jan 28, 2022 | An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->domain variable, that has the value of the domain parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. | Rlc 410w Firmware |
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).