Reolink
Reolink is a Shenzhen-based smart home security camera brand offering indoor, outdoor, PoE, and battery-powered cameras with local storage options via microSD, NVR, and NAS. The company differentiates itself by not requiring a cloud subscription for core functionality, supporting open protocols like ONVIF and RTSP, and offering an official Home Assistant integration.
Score generated by AI agents based on publicly cited evidence and reviewed by the project maintainer. Not independently validated.
Score History
Timeline events are AI-curated from public reporting. Score trajectory is derived from documented events.
Reolink operated as a small Shenzhen-based manufacturer of wired DVR/NVR security camera systems with no cloud services, no app, and no consumer brand presence. The company sold through limited channels with minimal attack surface. Governance opacity and Shenzhen manufacturing context contributed baseline labor/governance scores, while basic security practices for local-only devices kept regulatory risk manageable.
The Argus Indiegogo campaign raised over $1M, validating Reolink's pivot from wired systems to consumer wire-free cameras. US market entry via Delaware and Amazon distribution dramatically expanded the customer base. Cloud subscriptions launched alongside battery cameras, introducing optional recurring revenue. The growing connected device footprint and P2P connectivity increased the security attack surface, though no major vulnerabilities had yet been publicly disclosed.
CISA published an ICS advisory for Reolink P2P cameras after Nozomi Networks discovered CVSS 9.1 cleartext transmission and hard-coded cryptographic key vulnerabilities. The P2P relay architecture routed connections through vendor servers without adequate user notification. CVE-2019-11001 confirmed OS command injection affecting multiple camera models. Reolink patched the P2P issues but the pattern of fundamental security design flaws established a concerning track record. AI smart detection launched, adding algorithmic opacity alongside genuine user value improvements.
Reolink doubled cloud subscription pricing from $34 to $69 while expanding rapidly into dual-lens cameras, doorbells, and floodlights. Cisco Talos discovered a hardcoded TLS key and multiple additional vulnerabilities in the RLC-410W. Hong Kong's Consumer Council found unencrypted data transmission and persistent session key flaws. The product portfolio grew impressively, but the cloud price hike, Reolink NVR lock-in, and accumulating security findings nudged multiple dimensions upward. The hire of a former Huawei IP counsel signaled institutional maturation.
CISA added two Reolink CVEs to its Known Exploited Vulnerabilities catalog in December 2024, confirming active exploitation. Exodus Privacy discovered three Chinese trackers in the Android app in January 2025, which Reolink removed claiming they were development tools. Positive developments included the Home Assistant platinum partnership in April 2025 and the ReoNeura local AI system, but the accumulation of security incidents and governance opacity kept the score elevated.
Alternatives
No-subscription PoE and IP cameras with ONVIF/RTSP support and NVR/NAS local storage. Favored by technical users running Blue Iris or Home Assistant setups. Easy switch if you already use a third-party NVR — just replace cameras. More utilitarian app and interface than Reolink but strong hardware reliability.
Privacy-focused security cameras with local storage via HomeBase hub (up to 16TB), no mandatory subscription, and strong AI detection (face recognition, package detection) processed locally. Easy switch — similar setup process, no ecosystem migration needed. Slightly higher price point than Reolink but better app reliability and smarter detection without cloud dependency.
Dimensional Breakdown
Summaries below were written by AI agents based on the cited evidence. They are editorial interpretations, not independent research findings.
Dimension History
Timeline (49 events)
Reolink Founded in Shenzhen by Colin Lau
Colin Lau founded Shenzhen Reolink Technology Co., Ltd. in Shenzhen, China, initially producing wired DVR/NVR-based security camera systems for local recording. The company operated as a small hardware manufacturer with no cloud services or consumer brand presence.
Reolink Enters US Market via Delaware
Reolink established operations in Wilmington, Delaware, marking its entry into the North American market. The company introduced enhanced PoE camera lines tailored for US consumers and businesses, beginning its transition from a Chinese-only manufacturer to a global brand sold through Amazon and its own website.
Reolink Keen Play & Say Beta Program Launched
Reolink launched a feedback program called 'Play & Say' to invite testers for the prototype of Reolink Keen, the world's first 100% wire-free battery-powered pan-tilt smart home camera. The program represented Reolink's first attempt at community-driven product development ahead of its consumer brand launch at CES 2017.
Reolink Keen Unveiled at CES 2017
Reolink debuted the Keen at CES 2017, the world's first 100% wire-free battery-powered pan-tilt smart home camera. Featuring 1080p HD, 355-degree pan and 105-degree tilt, and wireless PIR motion detection, the Keen marked Reolink's transformation from a wired DVR/NVR manufacturer to a consumer smart home brand.
Reolink Argus Indiegogo Campaign Raises Over $1M
Reolink launched the Argus on Indiegogo, the world's first 100% wire-free weatherproof 1080p Full HD security camera. The campaign shattered its funding goal, raising over $1,001,252 from more than 6,219 backers (4,005% funded). Starting at $72 for early bird pricing, the Argus validated strong consumer demand for affordable, subscription-free wire-free security cameras.
Reolink Enables Multi-Level Security Features
Reolink announced multi-level security features for its IP cameras, including SSL encryption, WPA2-AES encryption, and SSL-TLS for data transmission. This represented the company's first formal security hardening effort as its cameras gained internet connectivity and cloud features.
Reolink Argus 2 Launches with Solar Power Option
Reolink launched the Argus 2, a wire-free rechargeable battery and solar-powered 1080p security camera, priced at $129.99. The addition of solar panel compatibility via Micro USB enabled truly non-stop wireless operation, building on the original Argus success. The camera included starlight night vision and weatherproofing for outdoor use.
Reolink Argus PT Adds Pan-Tilt to Battery Cameras
Reolink launched the Argus PT, an outdoor battery-powered pan-tilt security camera compatible with the Reolink Solar Panel for completely wire-free operation. This expanded the battery camera lineup with motorized 355-degree pan and 140-degree tilt capability, creating a richer product ecosystem that increased switching costs for multi-camera setups.
Reolink Go 4G LTE Camera Available Worldwide
Reolink announced worldwide availability of the Reolink Go, a 100% wire-free 4G LTE security camera operating on cellular networks without WiFi. The product addressed remote monitoring needs but introduced cellular data plans starting at $5.99/month, Reolink's first recurring revenue product alongside cloud subscriptions.
Reolink E1 Pro Indoor Camera Launched
Reolink debuted the E1 Pro, a 5MP WiFi indoor pan-tilt camera with smart detection, auto tracking, and baby crying alerts. Priced affordably, the E1 series targeted the indoor home monitoring segment previously dominated by Nest and Ring. The camera's lack of RTSP/ONVIF support on early firmware became a point of user frustration.
CVE-2019-11001 OS Command Injection Disclosed
Security researchers disclosed CVE-2019-11001, an authenticated OS command injection vulnerability affecting Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W through firmware 1.0.227. An authenticated admin could use the TestEmail functionality to inject and run OS commands as root. CVSS score: 7.2 (High). This was the first major CVE assigned to Reolink products.
Reolink Lumos Spotlight Camera Launched
Reolink debuted the Lumos, its first outdoor WiFi spotlight camera with motion-activated 180-lumen LED light, siren, and color night vision. The camera expanded Reolink's product categories beyond basic recording into active deterrence, competing with Ring Floodlight and Arlo Essential Spotlight cameras.
Security Researcher Reverse Engineers Reolink Protocols
Security researcher George Hilliard published detailed research reverse engineering Reolink camera protocols, creating open-source software called Neolink. The research documented the internal workings of Reolink's proprietary Baichuan protocol, revealing that cameras send data to Reolink's AWS servers approximately every 10 seconds via P2P connections.
Reolink Launches First Smart Person/Vehicle Detection Cameras
Reolink released its first AI-powered smart detection cameras capable of distinguishing persons from vehicles and other motion, reducing false alarms. The initial lineup included two cameras and two NVR systems in 5MP resolution. This represented Reolink's entry into on-device AI processing, though the detection algorithms operated as black boxes with no transparency into model training or data handling.
Reolink RLC-810A 4K AI Camera Reviewed
CNX Software reviewed the Reolink RLC-810A, one of Reolink's first 4K (8MP) PoE cameras with AI-powered person and vehicle detection. The camera marked Reolink's move to 4K resolution for wired cameras, recording at 3840x2160 with H.265 encoding. Smart detection operated on-device without cloud dependency.
Reolink Expands AI Detection to Three More Camera Models
Reolink released three additional AI-assisted cameras (RLC-520A, RLC-820A, RLC-822A) with person/vehicle detection in 5MP and 4K resolutions, expanding the smart detection lineup launched in September 2020. The cameras featured on-device AI processing with no subscription required for smart alerts.
CISA Publishes ICS Advisory for Reolink P2P Cameras
CISA published ICS advisory ICSA-21-019-02 for Reolink P2P cameras following Nozomi Networks Labs' discovery of vulnerabilities CVE-2020-25169 (cleartext transmission, CVSS 9.1) and CVE-2020-25173 (hard-coded cryptographic key, CVSS 7.7). The most critical vulnerability allowed attackers to access audio/video streams across the internet. CISA recommended users disable P2P functionality.
Reolink Releases P2P Firmware Fix
Reolink released firmware updates addressing the P2P vulnerabilities disclosed by Nozomi Networks and CISA, applying new and more reliable cryptography using Digest Authentication. The fix replaced the hard-coded keys and cleartext transmission with encrypted communications, though the P2P relay architecture remained intact.
Nozomi Networks Details P2P Vulnerability Impact
Nozomi Networks published detailed research showing that Reolink's P2P server architecture routes camera connections through vendor-managed servers, creating a man-in-the-middle risk. The cleartext audio/video stream could be intercepted by the vendor or any attacker who compromised the relay infrastructure. Nozomi recommended VPN-based alternatives to P2P connectivity.
Reolink Argus 3 Pro Launched with Spotlight
Reolink launched the Argus 3 Pro, a 5MP wireless camera with built-in spotlight for color night vision, dual-band 2.4/5GHz WiFi, and person/vehicle smart detection. The camera earned Forbes Home Best of 2022 recognition for solar security cameras, further establishing Reolink's position in the battery-powered segment.
CVE-2021-40407 OS Command Injection in RLC-410W
Cisco Talos discovered CVE-2021-40407, an authenticated OS command injection vulnerability in the Reolink RLC-410W's network settings functionality. Combined with CVE-2021-40404 (authentication bypass), this allowed potential unauthorized command execution. This was later added to CISA's Known Exploited Vulnerabilities catalog in December 2024.
Cisco Talos Discovers Hardcoded TLS Key in RLC-410W
Cisco Talos published TALOS-2022-1448 (CVE-2022-21199), revealing that the Reolink RLC-410W shipped with a hardcoded TLS private key in its firmware at /mnt/app/www/self.key. This allowed man-in-the-middle attacks to intercept encrypted communications. Additional vulnerabilities included five denial-of-service flaws and two information disclosure issues.
Reolink Announces Doorbell Camera and 16X Zoom Lineup
Reolink announced its first-ever video doorbell cameras (PoE and WiFi versions) alongside a 16X optical zoom camera, launching in summer 2022. The PoE doorbell at $89.99 and WiFi doorbell at $99.99 offered 2K+ (5MP) resolution with person detection and local storage, competing with Ring and Nest doorbells without requiring subscriptions.
Reolink Duo 2 Dual-Lens 4K Camera Released
Reolink released the Duo 2, an industry-pioneering dual-lens security camera with 180-degree panoramic view in 4K (4608x1728) resolution, upgrading from the first-gen Duo's 2K resolution. Available as PoE ($149.99) and WiFi ($159.99), the camera used image stitching from two 4MP sensors. This multi-lens innovation became a core differentiator for the Reolink product line.
Reolink Duo Floodlight 4K Released
Reolink launched the Duo Floodlight in PoE and WiFi versions, combining a dual-lens 4K 180-degree camera with 1,800-lumen floodlights. Available in the US and Europe, the product expanded Reolink into the floodlight camera category previously dominated by Ring and Arlo, offering similar functionality without mandatory subscriptions.
Reolink TrackMix Dual-Lens PTZ Showcased at CES 2023
Reolink showcased the TrackMix LTE at CES 2023, a 4G wire-free auto-zoom tracking camera combining wide-angle and telephoto lenses with 6X hybrid zoom. The TrackMix series represented Reolink's entry into dual-purpose surveillance cameras that simultaneously capture panoramic views and zoomed-in details of tracked subjects.
Reolink Ceases Russian Sales Amid Sanctions Scrutiny
Reolink claimed it ceased all sales to Russia in February 2023 following scrutiny over potential violations of US export controls and sanctions. IPVM had identified Reolink as a major player in the Russian consumer security camera market. ChannelNews Australia later reported that the Reolink European website still listed Russia under an EU listing as a purchase location.
Hong Kong Consumer Council Finds Reolink Security Flaws
Hong Kong's Consumer Council tested 10 home surveillance cameras and found that Reolink's camera transmitted data via unencrypted HTTP over WiFi, exposing sensitive information. Additionally, the Reolink camera allowed session keys from previous logins to remain valid, permitting unauthorized access to live video feeds even after logout. Only one of 10 tested cameras (Arlo) met European cybersecurity standards.
Reolink Cloud Subscription Pricing Doubled
Reolink doubled its cloud subscription pricing from $34 to $69 per year, citing increased cloud storage costs. Community members disputed the rationale, noting that cloud storage costs have generally decreased. Reolink indicated it would release a local storage device as a cloud alternative. The price increase affected only the optional cloud tier; local storage functionality remained subscription-free.
Reolink Client Update Breaks Live View
The October 2023 Reolink desktop client update caused widespread live view failures, with users unable to access camera feeds despite cameras appearing in menus. Mac users reported the issue persisted through reboots, UID connections, and IP connections. The update demonstrated the risk of app-dependent camera management where firmware updates can silently break core functionality.
Reolink Hires Former Huawei IP Counsel as Legal Head
Reolink hired Dongfang Shan, former principal IP counsel at Huawei, as General Counsel and Director of IP and Legal Affairs. Shan brought an 18-person legal team including 10 patent attorneys managing roughly 200 patents across China, Europe, and the US. Under his leadership, Reolink tripled its patent filing rate from 2023 levels, signaling an aggressive IP strategy.
Reolink Unveils 16MP Duo 3 PoE at CES 2024
Reolink debuted the Duo 3 PoE at CES 2024, an industry-first 16MP dual-lens security camera with 180-degree view. The company also expanded its ColorX true color night vision technology to 4K, WiFi, and PTZ lineups with F1.0 super aperture. Reolink previewed the Argus 4 Pro wireless camera and showcased Motion Track trajectory mapping.
ThroughTEK Files Patent Infringement Lawsuit Against Reolink
ThroughTEK Co., Ltd. filed a patent infringement complaint against Reolink Innovation Inc. in the U.S. District Court for the District of Delaware (Case 1:24-cv-00169), alleging infringement of patent 9,727,655 related to P2P network connection technology. The suit also named Amazon, Home Depot, Walmart, and eBay as co-defendants for selling the allegedly infringing products.
Reolink Argus 4 Pro Launches with ColorX Night Vision
Reolink launched the Argus 4 Pro, the world's first 4K battery-powered camera with ColorX night vision and dual image stitching for 180-degree coverage. The camera featured Wi-Fi 6 for smooth 4K streaming and achieved 30% better battery life than IR 4K cameras. It won the Muse Design Awards 2025.
Reolink Files Inter Partes Review Against ThroughTEK Patent
Reolink Innovation Inc. filed an inter partes review (IPR2024-01192) at the USPTO Patent Trial and Appeal Board challenging ThroughTEK's P2P networking patent. The PTAB subsequently determined the challenged claims were unpatentable as obvious over prior art, including a Lorex camera user guide describing peer-to-peer connections.
Reolink Unveils Home Hub and Altas PT Ultra at IFA 2024
Reolink unveiled the Home Hub Pro at IFA Berlin 2024, a centralized local storage device supporting up to 24 cameras with 16TB HDD capacity and AES-128 encryption. The Home Hub offered true local storage with SD cards, offline recording, and no monthly fees, positioning it as a privacy-focused alternative to cloud NVR solutions.
ThroughTEK Files Second Patent Lawsuit Against Reolink
ThroughTEK filed a second patent infringement case (1:24-cv-01027) against Reolink in the District of Delaware, expanding the defendant list to include Costco Wholesale Corporation, Sam's West Inc., and Shenzhen Reolink Technology Co., Ltd. The continued litigation reflects ongoing IP disputes in the IoT camera P2P technology space.
Reolink Android App v4.50 Ships with Chinese Trackers
Reolink Android app version 4.50.0.4, released October 24, 2024, was later found by Exodus Privacy to contain three Chinese trackers: AutoNavi/Amap, Baidu Location, and WeChat Location (affiliated with Tencent). The app also requested new permissions including READ_PHONE_STATE and RECEIVE_BOOT_COMPLETED. The trackers were not disclosed to users.
Reolink App Adds Privacy Mode for E1 Series
Reolink App update v4.49 introduced Privacy Mode, allowing users to remotely disable camera preview and recording for E1 series indoor cameras. When enabled, the camera cannot preview or record, addressing a long-requested feature for indoor privacy when users are home.
CISA Adds Two Reolink CVEs to Exploited Vulnerabilities Catalog
CISA added CVE-2019-11001 and CVE-2021-40407 to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation of these Reolink camera vulnerabilities in the wild. Federal agencies were required to remediate by January 2025. CISA recommended discontinuing use of affected products if no mitigations were available, a severe advisory for security camera equipment.
Reolink Debuts Altas 24/7 Battery Cameras at CES 2025
Reolink launched the Altas Series at CES 2025, the world's first 24/7 continuous recording battery-powered cameras with 20,000mAh batteries and ultra-low-power chipsets. The lineup included the 2K Altas WiFi, 4G Altas Go PT, and upgraded Altas PT Ultra. The Duo 3 WiFi with 16MP resolution and Wi-Fi 6 was also announced.
Exodus Privacy Discovers Three Chinese Trackers in Reolink App
Exodus Privacy, a European non-profit, publicly reported finding three Chinese tracking services (AutoNavi/Amap, Baidu Location, WeChat Location) embedded in Reolink's Android app. The WeChat Location tracker is affiliated with Tencent and the Chinese government. The discovery raised concerns about surveillance data collection from a security camera app managing home video feeds.
Reolink Removes Trackers and Claims Development Tools
In response to the Exodus Privacy findings, Reolink removed the three Chinese trackers from its Android app in February 2025. The company stated these trackers were development tools 'never used to collect personal data' and were 'solely implemented during development to improve app functionality.' ChannelNews Australia reported that questions remained about how development tools reached a production release.
ChannelNews Investigates Reolink's Russia Connections
ChannelNews Australia published an investigation noting that Reolink's European website still listed Russia as a purchase location despite the company's claim of ceasing sales in February 2023. IPVM had identified Reolink as a major player in the Russian security camera market, raising questions about compliance with US export controls on AI and video analytics technology.
Reolink Achieves Home Assistant Platinum Partnership
Reolink was recognized as a Platinum-tier partner in the Works with Home Assistant program, the highest classification available. The partnership ensures most Reolink cameras (excluding 4G models) can process video feeds, AI alerts, and device controls entirely within users' home networks. All Reolink cameras and NVRs were planned to be Home Assistant-compatible by late 2025.
Firmware Update Disables RTSP/ONVIF by Default
Reolink firmware updates began disabling ONVIF and RTSP ports by default, requiring users to manually re-enable them through the Windows-only Reolink desktop client. The change broke existing integrations with Frigate, Blue Iris, ZoneMinder, and other third-party NVR software. Some camera models like the E1 Pro had RTSP ports closed with no app option to re-enable them, forcing users to downgrade firmware or use Windows software.
Reolink TrackFlex Floodlight Wins 19 Best of IFA Awards
Reolink's TrackFlex Floodlight WiFi earned 19 'Best of IFA' awards at IFA 2025, including an IFA Innovation Awards Honoree designation. The product features 4K UHD, triple passive infrared sensor array for 270-degree motion detection, and granular PTZ control. The ReoNeura AI system was also showcased.
Pen Test Partners Finds RLC-520A Command Injection
Pen Test Partners published research on an authenticated command injection vulnerability in the Reolink RLC-520A camera. The flaw existed in the Camera Name attribute and could be triggered by changing network settings, potentially rendering the device useless. Reolink was working on a firmware update for remediation.
Reolink Unveils ReoNeura AI Box and OMVI Triple-Lens at CES 2026
Reolink announced the ReoNeura AI Box at CES 2026, powered by Qualcomm Dragonwing Q8, processing all detection and analysis locally with no subscription. The AI Box enables natural language video search and prompt-based alert configuration. The OMVI X16 PoE, a 24MP triple-lens camera, won a CES 2026 Innovation Award. All processing is on-device, eliminating cloud dependency.
Evidence (40 citations)
D1: User Value Erosion
D2: Business Customer Exploitation
D3: Shareholder Extraction
D4: Lock-in & Switching Costs
D5: Twiddling & Algorithmic Opacity
D6: Dark Patterns
D7: Advertising & Monetization Pressure
D8: Competitive Conduct
D9: Labor & Governance
D10: Regulatory & Legal Posture
Scoring Log (4 entries)
Stripped for Phase 2 re-enrichment