[Japanese]

JVNDB-2025-000111

SwitchBot Smart Video Doorbell vulnerable to active debug code

Overview

Smart Video Doorbell provided by SwitchBot contains the following vulnerability.
  • Active debug code (CWE-489) - CVE-2025-64983
Researcher reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 8.0 (High) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products


SWITCHBOT INC
  • Smart Video Doorbell firmware versions prior to 2.01.078

Impact

An attacker on an adjacent network may connect via Telnet and gain access to the device.
Solution

[Update the Firmware]
Update the firmware of the base unit and the extension unit of the product to the latest version.
The developer provides the automatic update of firmware.
Vendor Information

SWITCHBOT INC
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2025-64983
References

  1. JVN : JVN#67185535
Revision History

  • [2025/11/26]
      Web page was published

Date Public2025/11/26
Date First Published2025/11/26
Date Last Updated2025/11/26