Overview
CVE-2025-64983 details a critical vulnerability affecting Smart Video Doorbells. Specifically, firmware versions prior to 2.01.078 contain an active debug code vulnerability. This flaw allows a remote attacker to establish a Telnet connection to the device and potentially gain unauthorized access, leading to device compromise.
Technical Details
The vulnerability stems from the presence of residual debug code within the vulnerable firmware versions. This debug code inadvertently enables the Telnet service, which is typically disabled in production environments. An attacker on the same network or, in some cases, through port forwarding, can exploit this by connecting to the device via Telnet using default or easily guessed credentials (if any are enforced in the debug configuration). Successful exploitation grants the attacker shell access, allowing them to execute commands, modify device settings, access video streams, and potentially brick the device.
CVSS Analysis
According to the provided information, a CVSS score is not currently available (N/A) for CVE-2025-64983. The severity is also marked as N/A. However, given the potential for remote code execution via Telnet, a manual risk assessment would likely categorize this vulnerability as high severity. A full CVSS score will likely be determined by factors such as attack vector, attack complexity, privileges required, user interaction, confidentiality impact, integrity impact, and availability impact.
Possible Impact
The impact of exploiting CVE-2025-64983 is significant. A successful attacker could:
- Gain Unauthorized Access: Full control over the Smart Video Doorbell.
- Access Video Feeds: View live and recorded video footage, compromising user privacy.
- Modify Device Settings: Change configurations, disable features, or even brick the device.
- Launch Further Attacks: Use the compromised device as a foothold for attacking other devices on the network.
- Eavesdrop on Audio: Capture audio transmitted by the device.
Mitigation and Patch Steps
The primary mitigation step is to update the Smart Video Doorbell firmware to version 2.01.078 or later. Here’s how to typically perform the update:
- Check for Updates: Access the device’s settings menu through the manufacturer’s mobile app (e.g., SwitchBot app) or web interface.
- Initiate the Update: Select the “Firmware Update” option and follow the on-screen instructions.
- Ensure Stable Connection: Keep the device powered on and connected to a stable internet connection during the update process.
- Verify the Update: After the update completes, verify the firmware version to ensure it is 2.01.078 or higher.
If an update is not immediately available, consider disabling the device temporarily or placing it behind a strong firewall to limit exposure.
