As I explained in this thread that is now being ignored... https://community.reolink.com/topic/4446/rln36-kills-all-my-camers-major-security-flaw-found?post_id=18907&_=1673150083648

I purchased a new NVR system. All of my cameras were on a dedicated VLAN and have specific IP addresses plugged in. I purchased the NVR as a backup and hopefully a replacement for my power-hungry Blueiris NVR. I powered the thing on and connected it to my dedicated VLAN. One by one every recent REOLINK-branded camera went dark despite the device not having a user name and password for any of them. All of them had a static DHCP address assigned, but yet this off-the-shelf NVR hijacked all of them and took them offline. I get that it makes the system easier to configure cameras for new people, but there has to be an option to turn this feature off. It has to use a workaround to take over the cameras. I keep replying to the original thread and I have stopped getting responses. If I can hook up a $200 NVR to a system with cameras having passwords and they simply roll over and change their IPs, then it is very easy to conclude people can exploit this issue. If you aren't going to fix it, at least explain which port I need to block to prevent someone from sending a command and completely circumventing my configuration.
@user_612681119584296_612681119584296 When the Reolink NVR is switched on it will automatically scan the network for any Reolink camera using a proprietary protocol, and if DHCP is on it will assign them an IP. Have you emailed Reolink support?
@joseph-chircop_497308027822318 It should not be able to take over the cameras. Reolink support has responded to my above thread. Will manually setting the IP address on the camera fix this problem? Because if the device has an address from DHCP it should not change unless the DHCP server that set it changes it. This is essentially imitating a man-in-the-middle attack, but the cameras are designed to let it happen. I just want an option to cut it off. The chances of a person exploiting this are low, i.e. if they gain physical access to an Ethernet cable they could just feed it 96v DC and probably force shut down most POE switches. But I really would like to eliminate it.