Reolink Camera Command Injection (Ddns Username) 1. Reporting Information Team Name: Team Brrester 2. Overview of Vulnerabilities Vulnerability Title: Command Injection Date of Discovery: 2025.07.10 Discovery Location: Input parameters of in netserver Vulnerability Type (CWE ID): CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability Description: It is passed to , which acts as a function of the user's input system() and allows instructions to be inserted due to incomplete shell metacharacter filtering. 3. Details Impacted Products/Services: Smart 2K+ Wired WiFi Video Doorbell with Chime d340w Product Version: firmware v3.0.0.4662_2503122283 Vulnerable Components: