Published:2025/11/26 Last Updated:2025/11/26
JVN#67185535
SwitchBot Smart Video Doorbell vulnerable to active debug code
Overview
Smart Video Doorbell provided by SwitchBot is vulnerable to active debug code.
Products Affected
- Smart Video Doorbell firmware versions prior to 2.01.078
Description
Smart Video Doorbell provided by SwitchBot contains the following vulnerability.
- Active debug code (CWE-489)
- CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.6
- CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.0
- CVE-2025-64983
Impact
An attacker on an adjacent network may connect via Telnet and gain access to the device.
Solution
Update the Firmware
Update the firmware of the base unit and the extension unit of the product to the latest version.
The developer provides the automatic update of firmware.
Vendor Status
| Vendor | Link |
| SwitchBot | SwitchBot Smart Video Doorbell |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Researcher reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2025-64983 |
| JVN iPedia |
JVNDB-2025-000111 |