Insufficient privilege verification in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 allows authenticated attackers to create accounts with elevated privileges.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.