Navigation

    Home
    All Categories
    • KEEN Trail Camera
    • Top #ReolinkCaptures Awards
    • Announcements and News
    • Wishlist
    • #ReolinkTrial
    • Discussion About Products
    • Reolink Captures
    • Reolink Client & APP
    #ReolinkTrial
    Reolink Captures
    Log in to post
    Guest
    • Guest
    • Register
    • Login

    Learn More

    Reolink updates Learn More

    Meet Reolink at IFA 2024! Learn More

    Reolink Q&A Learn More

    Limit access provided to "guest" users

    Wishlist
    2
    2
    668
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • z0mbie_262929972969680
      z0mbie last edited by

      Currently if you log into a Reolink camera with a 'guest' account via the camera's URL, you can see the entire camera's configuration to include but no limited to:


      • * Network information (now I know what the internal network looks like)

      • * FTP username and server address (now I can brute force this)

      • * Email accounts used (information gathering and potentially people's names)

      • * Camera's recording schedule (now I know when I won't be detected if i'm a person with malicious intent)



      There should be really no reason at all to allow a 'guest' user to even access the configuration settings or 'gear' icon through the web page at all. I can understand allowing them to change their password but guests should be treated with 'zero trust'. It is not enough that they aren't allowed to change anything but you can take this one step further and not provide them viewing access to important/critical configuration settings. Thinking from a pentester's point of view, you can gain a lot of information if a guest account is compromised on these Reolink cameras.

      Reply Quote
      Share
      • Share this Post
      • Facebook
      • Twitter
      • copy the link
        Copied!
      0
        View 0 replies
      • Cynthia_124785627824270
        Cynthia last edited by

        Hello friend, appreciate your feedback on the 'Guest Account' permission when accessing the camera via a web browser.
        We have been diligently working on implementing some selected user requests. And I’m honoured to have yours added to the list. Some nice ideas have been implemented as you can see in our changelog (What’s New) of firmware/software updates. Please kindly understand that bug fixes are our top priority and then user request or feature request. So it may take some time to see yours become true. Please stay tuned!

        You may subscribe our emails to get the news: https://reolink.us13.list-manage.com/subscribe/post?u=c0cb1c1b65426a6d9b3609705&id=a9bc53daec.

        Reply Quote
        Share
        • Share this Post
        • Facebook
        • Twitter
        • copy the link
          Copied!
        0
          View 0 replies
        • First post
          Last post
        All Categories
        Announcements and News Reolink Client & APP Discussion About Products #ReolinkTrial Reolink Captures Wishlist KEEN Trail Camera
        Never miss Reolink hot deals, news, and updates tailored for you.

        Thanks for your subscription!

        Please enter a valid email address.

        Oops… Something went wrong. Please try again later.

        You are already subscribed to this email list. :)

        Submission failed. Please try again later.

        Reolink Store|Support|About Us|Privacy Policy|Terms and Conditions

        Copyright 2025 © Reolink All Rights Reserved.

        Welcome Back!

        Hi there! Join the Commnunity to get all the latest news, tips and more!

        Join Now