
    4 vulnerabilities found for TP-Link Tapo App by TP-Link Systems Inc.

    CVE-2025-14553 (GCVE-0-2025-14553)

    Vulnerability from nvd – Published: 2025-12-16 18:38 – Updated: 2026-01-09 00:48
    VLAI
    Title
    Password Hash Leak Could Lead to Unauthorized Access on Tapo App via Local Network
    Summary
    Exposure of password hashes through an unauthenticated API response in the TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers on the local network to brute-force the password. The issue can be mitigated through mobile application updates; device firmware remains unchanged.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Credits
    Juraj Nyíri

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14553",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-16T19:09:57.442313Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-16T19:10:54.148Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Application"
              ],
              "platforms": [
                "Android"
              ],
              "product": "TP-Link Tapo App",
              "vendor": "TP-Link Systems Inc.",
              "versions": [
                {
                  "lessThan": "3.1.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "3.1.6"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Application"
              ],
              "platforms": [
                "iOS"
              ],
              "product": "TP-Link Tapo App",
              "vendor": "TP-Link Systems Inc.",
              "versions": [
                {
                  "lessThan": "3.1.601",
                  "status": "affected",
                  "version": "0",
                  "versionType": "3.1.601"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Juraj Ny\u00edri"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network.\u0026nbsp;Issue can be mitigated through mobile application updates. Device firmware remains unchanged."
                }
              ],
              "value": "Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network.\u00a0Issue can be mitigated through mobile application updates. Device firmware remains unchanged."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-55",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-55 Rainbow Table Password Cracking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "ADJACENT",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-09T00:48:59.820Z",
            "orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
            "shortName": "TPLink"
          },
          "references": [
            {
              "url": "https://apps.apple.com/us/app/tp-link-tapo/id1472718009"
            },
            {
              "url": "https://play.google.com/store/apps/details?id=com.tplink.iot"
            },
            {
              "url": "https://www.tp-link.com/us/support/faq/4840/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Password Hash Leak Could Lead to Unauthorized Access on Tapo App via Local Network",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
        "assignerShortName": "TPLink",
        "cveId": "CVE-2025-14553",
        "datePublished": "2025-12-16T18:38:08.805Z",
        "dateReserved": "2025-12-11T22:58:26.015Z",
        "dateUpdated": "2026-01-09T00:48:59.820Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-4975 (GCVE-0-2025-4975)

    Vulnerability from nvd – Published: 2025-05-22 21:17 – Updated: 2025-10-08 09:37
    VLAI
    Title
    Tapo privilege escalation on shared devices using notifications
    Summary
    When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    TP-Link Systems Inc. TP-Link Tapo app Affected: 0 , < 3.10.513 (3.10.513)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4975",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-23T14:26:25.678883Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-23T14:27:40.507Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Android"
              ],
              "product": "TP-Link Tapo app",
              "vendor": "TP-Link Systems Inc.",
              "versions": [
                {
                  "lessThan": "3.10.513",
                  "status": "affected",
                  "version": "0",
                  "versionType": "3.10.513"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device."
                }
              ],
              "value": "When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-08T09:37:20.297Z",
            "orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
            "shortName": "TPLink"
          },
          "references": [
            {
              "url": "https://www.tp-link.com/us/support/faq/4464/"
            },
            {
              "url": "https://play.google.com/store/apps/details?id=com.tplink.iot\u0026hl=en_US"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Tapo privilege escalation on shared devices using notifications",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
        "assignerShortName": "TPLink",
        "cveId": "CVE-2025-4975",
        "datePublished": "2025-05-22T21:17:52.691Z",
        "dateReserved": "2025-05-20T02:56:36.381Z",
        "dateUpdated": "2025-10-08T09:37:20.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-14553 (GCVE-0-2025-14553)

    Vulnerability from cvelistv5 – Published: 2025-12-16 18:38 – Updated: 2026-01-09 00:48
    VLAI
    Title
    Password Hash Leak Could Lead to Unauthorized Access on Tapo App via Local Network
    Summary
    Exposure of password hashes through an unauthenticated API response in the TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers on the local network to brute-force the password. The issue can be mitigated through mobile application updates; device firmware remains unchanged.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Credits
    Juraj Nyíri

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14553",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-16T19:09:57.442313Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-16T19:10:54.148Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Application"
              ],
              "platforms": [
                "Android"
              ],
              "product": "TP-Link Tapo App",
              "vendor": "TP-Link Systems Inc.",
              "versions": [
                {
                  "lessThan": "3.1.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "3.1.6"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Application"
              ],
              "platforms": [
                "iOS"
              ],
              "product": "TP-Link Tapo App",
              "vendor": "TP-Link Systems Inc.",
              "versions": [
                {
                  "lessThan": "3.1.601",
                  "status": "affected",
                  "version": "0",
                  "versionType": "3.1.601"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Juraj Ny\u00edri"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network.\u0026nbsp;Issue can be mitigated through mobile application updates. Device firmware remains unchanged."
                }
              ],
              "value": "Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network.\u00a0Issue can be mitigated through mobile application updates. Device firmware remains unchanged."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-55",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-55 Rainbow Table Password Cracking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "ADJACENT",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-09T00:48:59.820Z",
            "orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
            "shortName": "TPLink"
          },
          "references": [
            {
              "url": "https://apps.apple.com/us/app/tp-link-tapo/id1472718009"
            },
            {
              "url": "https://play.google.com/store/apps/details?id=com.tplink.iot"
            },
            {
              "url": "https://www.tp-link.com/us/support/faq/4840/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Password Hash Leak Could Lead to Unauthorized Access on Tapo App via Local Network",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
        "assignerShortName": "TPLink",
        "cveId": "CVE-2025-14553",
        "datePublished": "2025-12-16T18:38:08.805Z",
        "dateReserved": "2025-12-11T22:58:26.015Z",
        "dateUpdated": "2026-01-09T00:48:59.820Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-4975 (GCVE-0-2025-4975)

    Vulnerability from cvelistv5 – Published: 2025-05-22 21:17 – Updated: 2025-10-08 09:37
    VLAI
    Title
    Tapo privilege escalation on shared devices using notifications
    Summary
    When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    TP-Link Systems Inc. TP-Link Tapo app Affected: 0 , < 3.10.513 (3.10.513)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4975",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-23T14:26:25.678883Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-23T14:27:40.507Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Android"
              ],
              "product": "TP-Link Tapo app",
              "vendor": "TP-Link Systems Inc.",
              "versions": [
                {
                  "lessThan": "3.10.513",
                  "status": "affected",
                  "version": "0",
                  "versionType": "3.10.513"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device."
                }
              ],
              "value": "When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-08T09:37:20.297Z",
            "orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
            "shortName": "TPLink"
          },
          "references": [
            {
              "url": "https://www.tp-link.com/us/support/faq/4464/"
            },
            {
              "url": "https://play.google.com/store/apps/details?id=com.tplink.iot\u0026hl=en_US"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Tapo privilege escalation on shared devices using notifications",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
        "assignerShortName": "TPLink",
        "cveId": "CVE-2025-4975",
        "datePublished": "2025-05-22T21:17:52.691Z",
        "dateReserved": "2025-05-20T02:56:36.381Z",
        "dateUpdated": "2025-10-08T09:37:20.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }