OTPulse
FeedAboutContact

Reolink P2P Cameras

Act Now9.1ICS-CERT ICSA-21-019-02Jan 19, 2021
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Reolink cameras in the RLC-4XX, RLC-5XX, and RLN-X10 series contain vulnerabilities in their P2P protocol implementation (CWE-321 weak encryption, CWE-319 use of hard-coded credentials) that allow unauthorized remote access to video feeds and camera settings. An unauthenticated attacker can connect through Reolink's P2P cloud service to retrieve sensitive information from affected cameras. The P2P feature is enabled by default on these models. No vendor patch is available; the manufacturer recommends disabling P2P and using local network access only. Firmware updates may provide some risk mitigation.

What this means
What could happen
An attacker could gain unauthorized access to live video feeds and camera configuration data from Reolink cameras. This could expose physical facility layouts, security monitoring blind spots, and operational information critical to water treatment or power distribution facilities.
Who's at risk
Water utilities and municipal electric facilities using Reolink cameras (RLC-4XX, RLC-5XX, or RLN-X10 series) for physical security monitoring, particularly those that have enabled the P2P cloud connectivity feature for remote access. This affects any facility using these camera models as part of their surveillance infrastructure.
How it could be exploited
An attacker on the internet can connect to the P2P cloud service used by vulnerable Reolink cameras without authentication. The attacker sends crafted requests to retrieve video streams or camera settings through the P2P protocol, exploiting weak encryption and hardcoded credentials in the protocol implementation.
Prerequisites
  • Network access to Reolink P2P cloud service (internet-facing)
  • P2P feature enabled on the camera (default state)
  • No authentication required
remotely exploitableno authentication requiredlow complexityno patch availabledefault credentials (P2P enabled by default)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (3)
3 EOL
ProductAffected VersionsFix Status
P2P protocol - RLC-4XX seriesRLC-4XX seriesNo fix (EOL)
P2P protocol - RLN-X10 seriesRLN-X10 seriesNo fix (EOL)
P2P protocol - RLC-5XX seriesRLC-5XX seriesNo fix (EOL)
Remediation & Mitigation
0/4
Do now
0/1
WORKAROUNDDisable P2P feature on all Reolink cameras and use local network access only
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade firmware to latest available version from Reolink download page for your camera model
Mitigations - no patch available
0/2
The following products have reached End of Life with no planned fix: P2P protocol - RLC-4XX series, P2P protocol - RLN-X10 series, P2P protocol - RLC-5XX series. Apply the following compensating controls:
HARDENINGPlace cameras on isolated network segment separate from operational control systems and business network
HARDENINGRestrict camera access to local network only; if remote access required, use VPN with current version
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/e74dca01-9164-48d0-8617-14d3f85cc899
Reolink P2P Cameras | CVSS 9.1 - OTPulse