cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-1099,https://securityvulnerability.io/vulnerability/CVE-2025-1099,Hard-coded RSA Key Vulnerability in TP-Link Tapo C500 Cameras,"The TP-Link Tapo C500 Wi-Fi security cameras, namely versions V1 and V2, are vulnerable due to a hard-coded RSA private key embedded in their firmware. This flaw allows an attacker with physical access to the device to extract these cryptographic keys. Once compromised, these keys can facilitate impersonation attacks, enable data decryption, and allow for man-in-the-middle attacks against the vulnerable device, posing significant risks to the integrity and security of surveillance operations.",Tp-link,"Tapo C500 V1 Wi-fi Camera,Tapo C500 V2 Wi-fi Camera",7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-10T10:44:26.274Z,0
CVE-2024-10523,https://securityvulnerability.io/vulnerability/CVE-2024-10523,TP-Link IoT Smart Hub Vulnerability: Wi-Fi Credentials Stored in Plain Text,This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device.,Tp-link,Tp-link Tapo H100 Iot Smart Hub,4.6,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-04T12:00:05.802Z,0
CVE-2024-31340,https://securityvulnerability.io/vulnerability/CVE-2024-31340,TP-Link Tether vulnerability allows remote unauthenticated attacker to eavesdrop on encrypted communication,"TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.",Tp-link,"Tp-link Tether,Tp-link Tapo",,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-05-22T05:29:04.007Z,0
CVE-2023-41184,https://securityvulnerability.io/vulnerability/CVE-2023-41184,TP-Link Tapo C210 ActiveCells Stack-based Buffer Overflow Remote Code Execution Vulnerability,"The TP-Link Tapo C210 IP camera contains a significant stack-based buffer overflow vulnerability within its ActiveCells parameter handling in the CreateRules and ModifyRules APIs. This flaw arises from inadequate validation of user-supplied data lengths, which may allow an attacker to exploit the vulnerability by executing arbitrary code on affected devices. Although an authentication step is required, the effectiveness of existing mechanisms can be compromised, enabling attackers to perform code execution in the context of root privileges. As a result, users are prompted to ensure that their devices are adequately secured against potential exploitation. Detailed advisory can be found on the Zero Day Initiative's website.",Tp-link,Tapo C210,6.8,MEDIUM,0.0009299999801442027,false,,false,false,false,,,false,false,,2024-05-03T02:11:45.362Z,0
CVE-2023-35717,https://securityvulnerability.io/vulnerability/CVE-2023-35717,TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerability,"The TP-Link Tapo C210 IP camera has a vulnerability within its password recovery process that enables network-adjacent attackers to bypass authentication. This flaw stems from an over-reliance on the secrecy of the password derivation algorithm utilized in generating recovery passwords. As a result, the lack of proper authentication measures allows unauthorized users to access the system, raising significant concerns regarding the security of installations relying on this product. It is essential for users to be aware of this vulnerability and take appropriate measures to secure their devices.",Tp-link,Tapo C210,8.8,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-05-03T01:57:38.702Z,0
CVE-2023-49515,https://securityvulnerability.io/vulnerability/CVE-2023-49515,Insecure Permissions Vulnerability in TP Link TC70 and C200 WiFi Camera,An insecure permissions vulnerability in TP Link's TC70 and C200 WiFi Cameras allows a physically proximate attacker to access sensitive information by exploiting the UART pin components. The issue is present in firmware version 1.3.4 and has been addressed in version 1.3.11. Users are encouraged to update to the latest firmware to mitigate potential security risks.,Tp-link,Tapo C200 Firmware,4.6,MEDIUM,0.000750000006519258,false,,false,false,false,,,false,false,,2024-01-17T00:00:00.000Z,0
CVE-2023-34829,https://securityvulnerability.io/vulnerability/CVE-2023-34829,Access Control Vulnerability in TP-Link Tapo Smart Home Devices,"A vulnerability in TP-Link Tapo smart home devices prior to firmware version 3.1.315 allows unauthorized access to user credentials in plaintext. Attackers may exploit this weakness to compromise sensitive information, putting users at risk of unauthorized control over their smart devices. It is essential for users to update their firmware to mitigate this security risk and safeguard their personal data.",Tp-link,Tapo,6.5,MEDIUM,0.000750000006519258,false,,false,false,false,,,false,false,,2023-12-28T03:15:00.000Z,0
CVE-2023-39610,https://securityvulnerability.io/vulnerability/CVE-2023-39610,Denial of Service Vulnerability in TP-Link Tapo C100 Camera,"The TP-Link Tapo C100 camera is susceptible to a Denial of Service (DoS) attack due to a flaw in its web interface. Attackers can exploit this vulnerability by sending specially crafted web requests to the device. This can lead to interruptions in the camera's functionality, rendering it inoperable until it is restarted. Users are advised to review their device settings and apply available firmware updates to mitigate this issue. For more details, visit the [TP-Link Tapo C100 vulnerability report](https://github.com/zn9988/publications/tree/main/1.TP-Link%20Tapo%20C100%20-%20HTTP%20Denial-Of-Service).",Tp-link,Tapo C100 Firmware,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-10-31T00:00:00.000Z,0
CVE-2023-38907,https://securityvulnerability.io/vulnerability/CVE-2023-38907,Replay Attack Vulnerability in TPLink Smart Bulb Tapo Series,"An identified vulnerability in TPLink's Tapo series of smart bulbs allows remote attackers to replay previously intercepted messages due to weaknesses in message encryption. This can occur when valid session keys are still in use, enabling unauthorized access to controls and functions of the affected devices. Users with products such as the Tapo L530, L510E, L630, P100, and the Tapo Application are particularly at risk, as outdated firmware versions may be exploited by attackers to compromise household security.",Tp-link,Tapo L530e Firmware,7.5,HIGH,0.001449999981559813,false,,false,false,false,,,false,false,,2023-09-25T23:15:00.000Z,0
CVE-2023-38908,https://securityvulnerability.io/vulnerability/CVE-2023-38908,Information Disclosure in TPLink Smart Bulb Tapo Series by TPLink,"A vulnerability in the TPLink Smart Bulb Tapo series permits remote attackers to access sensitive information due to flaws within the TSKEP authentication function. This affects specific models and app versions, leading to potential exploitation within users' home networks.",Tp-link,"Tapo,Tapo L530e Firmware",6.5,MEDIUM,0.0014299999456852674,false,,false,false,false,,,false,false,,2023-08-22T01:15:00.000Z,0
CVE-2023-38909,https://securityvulnerability.io/vulnerability/CVE-2023-38909,Vulnerability in TPLink Smart Bulb Tapo series Allows Remote Information Disclosure,"A vulnerability exists in the TPLink Smart Bulb Tapo series allowing remote attackers to access sensitive information. This issue affects several models, including L530, L510E, L630, and P100, as well as the Tapo Application. The flaw arises from inadequate protection of the Initialization Vector (IV) used in the AES128-CBC encryption process, which could lead to the exposure of critical data. It is essential for users to update their devices to the latest firmware versions to mitigate potential risks.",Tp-link,"Tapo,Tapo L530e Firmware",6.5,MEDIUM,0.001449999981559813,false,,false,false,false,,,false,false,,2023-08-22T01:15:00.000Z,0
CVE-2023-38906,https://securityvulnerability.io/vulnerability/CVE-2023-38906,Remote Information Disclosure in TPLink Smart Bulbs and Cameras,A vulnerability exists in certain TP-Link Smart Bulb and Camera models that allows a remote attacker to gain access to sensitive information by exploiting weaknesses in the handling of UDP authentication codes. This could lead to unauthorized access to user data and pose significant privacy risks.,Tp-link,"Tapo,Tapo L530e Firmware",6.5,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2023-08-22T00:15:00.000Z,0
CVE-2023-27126,https://securityvulnerability.io/vulnerability/CVE-2023-27126,Reused AES Key-IV Pair in TP-Link TAPO C200 Camera Firmware,"The TP-Link TAPO C200 camera has a security flaw where the AES Key-IV pair is reused across all devices running the affected firmware version. This weakness means that if an attacker gains physical access to a camera, they can extract encrypted sensitive data, including the victim's Wi-Fi password and TP-Link account credentials. This presents a significant risk, especially in environments where cameras are easily accessible. Users of this camera model are urged to secure their devices and monitor for any unauthorized access.",Tp-link,Tapo C200 Firmware,4.6,MEDIUM,0.0008999999845400453,false,,false,false,false,,,false,false,,2023-06-06T00:00:00.000Z,0
CVE-2022-37255,https://securityvulnerability.io/vulnerability/CVE-2022-37255,Unauthorized Video Stream Access in TP-Link Tapo C310 Devices,"The TP-Link Tapo C310 devices running version 1.3.0 expose RTSP video feed access, allowing unauthorized users to gain access using default credentials. This vulnerability poses risks to user privacy and security, enabling the potential viewing of sensitive video footage without proper authorization.",Tp-link,Tapo C310 Firmware,7.5,HIGH,0.026030000299215317,false,,false,false,false,,,false,false,,2023-04-16T00:00:00.000Z,0
CVE-2022-41505,https://securityvulnerability.io/vulnerability/CVE-2022-41505,Access Control Flaw in TP-Link Tapo C200 V1 Devices,"An identified access control issue in TP-Link Tapo C200 V1 devices allows unauthorized individuals in close proximity to take advantage of a weakness in the system. By connecting to the UART pins and interrupting the boot process, attackers can achieve root access by executing commands with init=/bin/sh. This flaw underscores the importance of physical security measures and highlights potential risks associated with unprotected hardware interfaces.",Tp-link,Tapo C200 V1 Firmware,6.4,MEDIUM,0.001180000021122396,false,,false,false,false,,,false,false,,2023-01-23T00:00:00.000Z,0
CVE-2021-4045,https://securityvulnerability.io/vulnerability/CVE-2021-4045,TP-LINK Tapo C200 remote code execution vulnerability,"TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.",Tp-link,Tapo C200,9.8,CRITICAL,0.4038200080394745,false,,false,false,true,2023-12-26T08:20:49.000Z,true,false,false,,2022-03-10T17:44:00.000Z,0