Insecure permissions in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 allow attackers to arbitrarily change other users passwords via manipulation of the userName value.
Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.