Reolink P2P Cameras

Plan PatchCVSS 9.1ICS-CERT ICSA-21-019-02Jan 19, 2021

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Reolink cameras in the RLC-4XX, RLC-5XX, and RLN-X10 series contain vulnerabilities in their P2P protocol implementation (CWE-321 weak encryption, CWE-319 use of hard-coded credentials) that allow unauthorized remote access to video feeds and camera settings. An unauthenticated attacker can connect through Reolink's P2P cloud service to retrieve sensitive information from affected cameras. The P2P feature is enabled by default on these models. No vendor patch is available; the manufacturer recommends disabling P2P and using local network access only. Firmware updates may provide some risk mitigation.

What this means

What could happen

An attacker could gain unauthorized access to live video feeds and camera configuration data from Reolink cameras. This could expose physical facility layouts, security monitoring blind spots, and operational information critical to water treatment or power distribution facilities.

Who's at risk

Water utilities and municipal electric facilities using Reolink cameras (RLC-4XX, RLC-5XX, or RLN-X10 series) for physical security monitoring, particularly those that have enabled the P2P cloud connectivity feature for remote access. This affects any facility using these camera models as part of their surveillance infrastructure.

How it could be exploited

An attacker on the internet can connect to the P2P cloud service used by vulnerable Reolink cameras without authentication. The attacker sends crafted requests to retrieve video streams or camera settings through the P2P protocol, exploiting weak encryption and hardcoded credentials in the protocol implementation.

Prerequisites

Network access to Reolink P2P cloud service (internet-facing)
P2P feature enabled on the camera (default state)
No authentication required

remotely exploitableno authentication requiredlow complexityno patch availabledefault credentials (P2P enabled by default)

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (3)

3 EOL

ProductAffected VersionsFix Status

P2P protocol - RLC-4XX seriesRLC-4XX seriesNo fix (EOL)

P2P protocol - RLN-X10 seriesRLN-X10 seriesNo fix (EOL)

P2P protocol - RLC-5XX seriesRLC-5XX seriesNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDDisable P2P feature on all Reolink cameras and use local network access only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade firmware to latest available version from Reolink download page for your camera model

Mitigations - no patch available

0/2

The following products have reached End of Life with no planned fix: P2P protocol - RLC-4XX series, P2P protocol - RLN-X10 series, P2P protocol - RLC-5XX series. Apply the following compensating controls:

HARDENINGPlace cameras on isolated network segment separate from operational control systems and business network

HARDENINGRestrict camera access to local network only; if remote access required, use VPN with current version

CVEs (2)

CVE-2020-25173 CVE-2020-25169

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/e74dca01-9164-48d0-8617-14d3f85cc899

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.