
4 vulnerability records found for TP-Link Tapo App by TP-Link Systems Inc. (CVE-2025-14553 and CVE-2025-4975, each listed once from nvd and once from cvelistv5).

CVE-2025-14553 (GCVE-0-2025-14553)

Vulnerability from nvd – Published: 2025-12-16 18:38 – Updated: 2026-01-09 00:48
Title
Password Hash Leak Could Lead to Unauthorized Access on Tapo App via Local Network
Summary
Exposure of password hashes through an unauthenticated API response in the TP-Link Tapo app on iOS and Android for Tapo cameras allows attackers in the local network to brute force the password. The issue can be mitigated through mobile application updates. Device firmware remains unchanged.
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
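Impacted products
Vendor: TP-Link Systems Inc. | Product: TP-Link Tapo App | Platform: Android | Version: affected from 0 up to, but not including, 3.1.6
Vendor: TP-Link Systems Inc. | Product: TP-Link Tapo App | Platform: iOS | Version: affected from 0 up to, but not including, 3.1.601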
Credits
Juraj Nyíri

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14553",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-16T19:09:57.442313Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-16T19:10:54.148Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Application"
          ],
          "platforms": [
            "Android"
          ],
          "product": "TP-Link Tapo App",
          "vendor": "TP-Link Systems Inc.",
          "versions": [
            {
              "lessThan": "3.1.6",
              "status": "affected",
              "version": "0",
              "versionType": "3.1.6"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Application"
          ],
          "platforms": [
            "iOS"
          ],
          "product": "TP-Link Tapo App",
          "vendor": "TP-Link Systems Inc.",
          "versions": [
            {
              "lessThan": "3.1.601",
              "status": "affected",
              "version": "0",
              "versionType": "3.1.601"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Juraj Ny\u00edri"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network.\u0026nbsp;Issue can be mitigated through mobile application updates. Device firmware remains unchanged."
            }
          ],
          "value": "Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network.\u00a0Issue can be mitigated through mobile application updates. Device firmware remains unchanged."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-55",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-55 Rainbow Table Password Cracking"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "ADJACENT",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-09T00:48:59.820Z",
        "orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
        "shortName": "TPLink"
      },
      "references": [
        {
          "url": "https://apps.apple.com/us/app/tp-link-tapo/id1472718009"
        },
        {
          "url": "https://play.google.com/store/apps/details?id=com.tplink.iot"
        },
        {
          "url": "https://www.tp-link.com/us/support/faq/4840/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Password Hash Leak Could Lead to Unauthorized Access on Tapo App via Local Network",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
    "assignerShortName": "TPLink",
    "cveId": "CVE-2025-14553",
    "datePublished": "2025-12-16T18:38:08.805Z",
    "dateReserved": "2025-12-11T22:58:26.015Z",
    "dateUpdated": "2026-01-09T00:48:59.820Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-4975 (GCVE-0-2025-4975)

Vulnerability from nvd – Published: 2025-05-22 21:17 – Updated: 2025-10-08 09:37
Title
Tapo privilege escalation on shared devices using notifications
Summary
When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device.
CWE
  • CWE-863 - Incorrect Authorization
Impacted products
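Vendor: TP-Link Systems Inc. | Product: TP-Link Tapo app | Platform: Android | Version: affected from 0 up to, but not including, 3.10.513 (the record's versionType field repeats "3.10.513" instead of naming a version scheme)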

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4975",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-23T14:26:25.678883Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-23T14:27:40.507Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Android"
          ],
          "product": "TP-Link Tapo app",
          "vendor": "TP-Link Systems Inc.",
          "versions": [
            {
              "lessThan": "3.10.513",
              "status": "affected",
              "version": "0",
              "versionType": "3.10.513"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device."
            }
          ],
          "value": "When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-08T09:37:20.297Z",
        "orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
        "shortName": "TPLink"
      },
      "references": [
        {
          "url": "https://www.tp-link.com/us/support/faq/4464/"
        },
        {
          "url": "https://play.google.com/store/apps/details?id=com.tplink.iot\u0026hl=en_US"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Tapo privilege escalation on shared devices using notifications",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
    "assignerShortName": "TPLink",
    "cveId": "CVE-2025-4975",
    "datePublished": "2025-05-22T21:17:52.691Z",
    "dateReserved": "2025-05-20T02:56:36.381Z",
    "dateUpdated": "2025-10-08T09:37:20.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-14553 (GCVE-0-2025-14553)

Vulnerability from cvelistv5 – Published: 2025-12-16 18:38 – Updated: 2026-01-09 00:48
Title
Password Hash Leak Could Lead to Unauthorized Access on Tapo App via Local Network
Summary
Exposure of password hashes through an unauthenticated API response in the TP-Link Tapo app on iOS and Android for Tapo cameras allows attackers in the local network to brute force the password. The issue can be mitigated through mobile application updates. Device firmware remains unchanged.
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
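Impacted products
Vendor: TP-Link Systems Inc. | Product: TP-Link Tapo App | Platform: Android | Version: affected from 0 up to, but not including, 3.1.6
Vendor: TP-Link Systems Inc. | Product: TP-Link Tapo App | Platform: iOS | Version: affected from 0 up to, but not including, 3.1.601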
Credits
Juraj Nyíri

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14553",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-16T19:09:57.442313Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-16T19:10:54.148Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Application"
          ],
          "platforms": [
            "Android"
          ],
          "product": "TP-Link Tapo App",
          "vendor": "TP-Link Systems Inc.",
          "versions": [
            {
              "lessThan": "3.1.6",
              "status": "affected",
              "version": "0",
              "versionType": "3.1.6"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Application"
          ],
          "platforms": [
            "iOS"
          ],
          "product": "TP-Link Tapo App",
          "vendor": "TP-Link Systems Inc.",
          "versions": [
            {
              "lessThan": "3.1.601",
              "status": "affected",
              "version": "0",
              "versionType": "3.1.601"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Juraj Ny\u00edri"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network.\u0026nbsp;Issue can be mitigated through mobile application updates. Device firmware remains unchanged."
            }
          ],
          "value": "Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network.\u00a0Issue can be mitigated through mobile application updates. Device firmware remains unchanged."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-55",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-55 Rainbow Table Password Cracking"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "ADJACENT",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-09T00:48:59.820Z",
        "orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
        "shortName": "TPLink"
      },
      "references": [
        {
          "url": "https://apps.apple.com/us/app/tp-link-tapo/id1472718009"
        },
        {
          "url": "https://play.google.com/store/apps/details?id=com.tplink.iot"
        },
        {
          "url": "https://www.tp-link.com/us/support/faq/4840/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Password Hash Leak Could Lead to Unauthorized Access on Tapo App via Local Network",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
    "assignerShortName": "TPLink",
    "cveId": "CVE-2025-14553",
    "datePublished": "2025-12-16T18:38:08.805Z",
    "dateReserved": "2025-12-11T22:58:26.015Z",
    "dateUpdated": "2026-01-09T00:48:59.820Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-4975 (GCVE-0-2025-4975)

Vulnerability from cvelistv5 – Published: 2025-05-22 21:17 – Updated: 2025-10-08 09:37
Title
Tapo privilege escalation on shared devices using notifications
Summary
When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device.
CWE
  • CWE-863 - Incorrect Authorization
Impacted products
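Vendor: TP-Link Systems Inc. | Product: TP-Link Tapo app | Platform: Android | Version: affected from 0 up to, but not including, 3.10.513 (the record's versionType field repeats "3.10.513" instead of naming a version scheme)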

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4975",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-23T14:26:25.678883Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-23T14:27:40.507Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Android"
          ],
          "product": "TP-Link Tapo app",
          "vendor": "TP-Link Systems Inc.",
          "versions": [
            {
              "lessThan": "3.10.513",
              "status": "affected",
              "version": "0",
              "versionType": "3.10.513"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device."
            }
          ],
          "value": "When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-08T09:37:20.297Z",
        "orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
        "shortName": "TPLink"
      },
      "references": [
        {
          "url": "https://www.tp-link.com/us/support/faq/4464/"
        },
        {
          "url": "https://play.google.com/store/apps/details?id=com.tplink.iot\u0026hl=en_US"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Tapo privilege escalation on shared devices using notifications",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
    "assignerShortName": "TPLink",
    "cveId": "CVE-2025-4975",
    "datePublished": "2025-05-22T21:17:52.691Z",
    "dateReserved": "2025-05-20T02:56:36.381Z",
    "dateUpdated": "2025-10-08T09:37:20.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}