cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10523,https://securityvulnerability.io/vulnerability/CVE-2024-10523,TP-Link IoT Smart Hub Vulnerability: Wi-Fi Credentials Stored in Plain Text,This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device.,Tp-link,Tp-link Tapo H100 Iot Smart Hub,4.6,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-11-04T12:00:05.802Z,0
CVE-2024-31340,https://securityvulnerability.io/vulnerability/CVE-2024-31340,TP-Link Tether vulnerability allows remote unauthenticated attacker to eavesdrop on encrypted communication,"TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.",Tp-link,"Tp-link Tether,Tp-link Tapo",,,0.00044999999227002263,false,false,false,false,,false,false,2024-05-22T05:29:04.007Z,0
CVE-2023-41184,https://securityvulnerability.io/vulnerability/CVE-2023-41184,TP-Link Tapo C210 ActiveCells Stack-based Buffer Overflow Remote Code Execution Vulnerability,"The TP-Link Tapo C210 IP camera contains a significant stack-based buffer overflow vulnerability within its ActiveCells parameter handling in the CreateRules and ModifyRules APIs. This flaw arises from inadequate validation of user-supplied data lengths, which may allow an attacker to exploit the vulnerability by executing arbitrary code on affected devices. Although an authentication step is required, the effectiveness of existing mechanisms can be compromised, enabling attackers to perform code execution in the context of root privileges. As a result, users are prompted to ensure that their devices are adequately secured against potential exploitation. Detailed advisory can be found on the Zero Day Initiative's website.",Tp-link,Tapo C210,6.8,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2024-05-03T02:11:45.362Z,0
CVE-2023-35717,https://securityvulnerability.io/vulnerability/CVE-2023-35717,TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerability,"The TP-Link Tapo C210 IP camera has a vulnerability within its password recovery process that enables network-adjacent attackers to bypass authentication. This flaw stems from an over-reliance on the secrecy of the password derivation algorithm utilized in generating recovery passwords. As a result, the lack of proper authentication measures allows unauthorized users to access the system, raising significant concerns regarding the security of installations relying on this product. It is essential for users to be aware of this vulnerability and take appropriate measures to secure their devices.",Tp-link,Tapo C210,8.8,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-05-03T01:57:38.702Z,0
CVE-2023-49515,https://securityvulnerability.io/vulnerability/CVE-2023-49515,Insecure Permissions Vulnerability in TP Link TC70 and C200 WiFi Camera,An insecure permissions vulnerability in TP Link's TC70 and C200 WiFi Cameras allows a physically proximate attacker to access sensitive information by exploiting the UART pin components. The issue is present in firmware version 1.3.4 and has been addressed in version 1.3.11. Users are encouraged to update to the latest firmware to mitigate potential security risks.,Tp-link,Tapo C200 Firmware,4.6,MEDIUM,0.0006699999794363976,false,false,false,false,,false,false,2024-01-17T00:00:00.000Z,0
CVE-2023-34829,https://securityvulnerability.io/vulnerability/CVE-2023-34829,Access Control Vulnerability in TP-Link Tapo Smart Home Devices,"A vulnerability in TP-Link Tapo smart home devices prior to firmware version 3.1.315 allows unauthorized access to user credentials in plaintext. Attackers may exploit this weakness to compromise sensitive information, putting users at risk of unauthorized control over their smart devices. It is essential for users to update their firmware to mitigate this security risk and safeguard their personal data.",Tp-link,Tapo,6.5,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2023-12-28T03:15:00.000Z,0
CVE-2023-39610,https://securityvulnerability.io/vulnerability/CVE-2023-39610,Denial of Service Vulnerability in TP-Link Tapo C100 Camera,"The TP-Link Tapo C100 camera is susceptible to a Denial of Service (DoS) attack due to a flaw in its web interface. Attackers can exploit this vulnerability by sending specially crafted web requests to the device. This can lead to interruptions in the camera's functionality, rendering it inoperable until it is restarted. Users are advised to review their device settings and apply available firmware updates to mitigate this issue. For more details, visit the [TP-Link Tapo C100 vulnerability report](https://github.com/zn9988/publications/tree/main/1.TP-Link%20Tapo%20C100%20-%20HTTP%20Denial-Of-Service).",Tp-link,Tapo C100 Firmware,6.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2023-10-31T00:00:00.000Z,0
CVE-2023-38907,https://securityvulnerability.io/vulnerability/CVE-2023-38907,Replay Attack Vulnerability in TPLink Smart Bulb Tapo Series,"An identified vulnerability in TPLink's Tapo series of smart bulbs allows remote attackers to replay previously intercepted messages due to weaknesses in message encryption. This can occur when valid session keys are still in use, enabling unauthorized access to controls and functions of the affected devices. Users with products such as the Tapo L530, L510E, L630, P100, and the Tapo Application are particularly at risk, as outdated firmware versions may be exploited by attackers to compromise household security.",Tp-link,Tapo L530e Firmware,7.5,HIGH,0.001449999981559813,false,false,false,false,,false,false,2023-09-25T23:15:00.000Z,0
CVE-2023-38908,https://securityvulnerability.io/vulnerability/CVE-2023-38908,,"An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function.",Tp-link,"Tapo,Tapo L530e Firmware",6.5,MEDIUM,0.0012000000569969416,false,false,false,false,,false,false,2023-08-22T01:15:00.000Z,0
CVE-2023-38909,https://securityvulnerability.io/vulnerability/CVE-2023-38909,,"An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function.",Tp-link,"Tapo,Tapo L530e Firmware",6.5,MEDIUM,0.0012199999764561653,false,false,false,false,,false,false,2023-08-22T01:15:00.000Z,0
CVE-2023-38906,https://securityvulnerability.io/vulnerability/CVE-2023-38906,,"An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message.",Tp-link,"Tapo,Tapo L530e Firmware",6.5,MEDIUM,0.0009200000204145908,false,false,false,false,,false,false,2023-08-22T00:15:00.000Z,0
CVE-2023-27126,https://securityvulnerability.io/vulnerability/CVE-2023-27126,,The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim.,Tp-link,Tapo C200 Firmware,4.6,MEDIUM,0.0008999999845400453,false,false,false,false,,false,false,2023-06-06T00:00:00.000Z,0
CVE-2022-37255,https://securityvulnerability.io/vulnerability/CVE-2022-37255,Unauthorized Video Stream Access in TP-Link Tapo C310 Devices,"The TP-Link Tapo C310 devices running version 1.3.0 expose RTSP video feed access, allowing unauthorized users to gain access using default credentials. This vulnerability poses risks to user privacy and security, enabling the potential viewing of sensitive video footage without proper authorization.",Tp-link,Tapo C310 Firmware,7.5,HIGH,0.026030000299215317,false,false,false,false,,false,false,2023-04-16T00:00:00.000Z,0
CVE-2022-41505,https://securityvulnerability.io/vulnerability/CVE-2022-41505,,"An access control issue on TP-Link Tapo C200 V1 devices allows physically proximate attackers to obtain root access by connecting to the UART pins, interrupting the boot process, and setting an init=/bin/sh value.",Tp-link,Tapo C200 V1 Firmware,6.4,MEDIUM,0.001180000021122396,false,false,false,false,,false,false,2023-01-23T00:00:00.000Z,0
CVE-2021-4045,https://securityvulnerability.io/vulnerability/CVE-2021-4045,TP-LINK Tapo C200 remote code execution vulnerability,"TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.",Tp-link,Tapo C200,9.8,CRITICAL,0.36149001121520996,false,false,false,true,true,false,false,2022-03-10T17:44:00.000Z,0