Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Tapo C500 V2 Wi-Fi Camera by TP-Link

    CVE-2025-1099 (GCVE-0-2025-1099)

    Vulnerability from nvd – Published: 2025-02-10 10:44 – Updated: 2025-02-14 11:14
    VLAI
    Title
    Information Disclosure Vulnerability in TP-Link Tapo C500 Wi-Fi Camera
    Summary
    This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and man in the middle attacks on the targeted device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-321 - Use of Hard-coded Cryptographic Key
    Assigner
    References
    Credits
    This vulnerability is reported by Shravan Singh from Mumbai, India
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1099",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-10T13:23:52.502194Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T15:42:59.639Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Tapo C500 V1 Wi-Fi Camera",
              "vendor": "TP-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c=1.1.4"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Tapo C500 V2 Wi-Fi Camera",
              "vendor": "TP-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c=1.0.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "This vulnerability is reported by Shravan Singh from Mumbai, India"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and man in the middle attacks on the targeted device."
                }
              ],
              "value": "This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and man in the middle attacks on the targeted device."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "PHYSICAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321: Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-14T11:14:37.477Z",
            "orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
            "shortName": "CERT-In"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2025-0017"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade TP-Link Tapo C500 V1 to version 1.3.2 \u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signed_1737345124385.bin\"\u003ehttps://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signe...\u003c/a\u003e\u003cbr\u003e\u003cbr\u003eUpgrade TP-Link Tapo C500 V2 to version 1.0.6\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signed_1737345124385.bin\"\u003ehttp://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signed...\u003c/a\u003e"
                }
              ],
              "value": "Upgrade TP-Link Tapo C500 V1 to version 1.3.2 \n https://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signe... https://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signed_1737345124385.bin \n\nUpgrade TP-Link Tapo C500 V2 to version 1.0.6\n http://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signed... http://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signed_1737345124385.bin"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure Vulnerability in TP-Link Tapo C500 Wi-Fi Camera",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
        "assignerShortName": "CERT-In",
        "cveId": "CVE-2025-1099",
        "datePublished": "2025-02-10T10:44:26.274Z",
        "dateReserved": "2025-02-07T06:58:29.863Z",
        "dateUpdated": "2025-02-14T11:14:37.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-1099 (GCVE-0-2025-1099)

    Vulnerability from cvelistv5 – Published: 2025-02-10 10:44 – Updated: 2025-02-14 11:14
    VLAI
    Title
    Information Disclosure Vulnerability in TP-Link Tapo C500 Wi-Fi Camera
    Summary
    This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and man in the middle attacks on the targeted device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-321 - Use of Hard-coded Cryptographic Key
    Assigner
    References
    Credits
    This vulnerability is reported by Shravan Singh from Mumbai, India
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1099",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-10T13:23:52.502194Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T15:42:59.639Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Tapo C500 V1 Wi-Fi Camera",
              "vendor": "TP-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c=1.1.4"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Tapo C500 V2 Wi-Fi Camera",
              "vendor": "TP-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c=1.0.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "This vulnerability is reported by Shravan Singh from Mumbai, India"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and man in the middle attacks on the targeted device."
                }
              ],
              "value": "This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and man in the middle attacks on the targeted device."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "PHYSICAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321: Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-14T11:14:37.477Z",
            "orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
            "shortName": "CERT-In"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2025-0017"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade TP-Link Tapo C500 V1 to version 1.3.2 \u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signed_1737345124385.bin\"\u003ehttps://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signe...\u003c/a\u003e\u003cbr\u003e\u003cbr\u003eUpgrade TP-Link Tapo C500 V2 to version 1.0.6\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signed_1737345124385.bin\"\u003ehttp://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signed...\u003c/a\u003e"
                }
              ],
              "value": "Upgrade TP-Link Tapo C500 V1 to version 1.3.2 \n https://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signe... https://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signed_1737345124385.bin \n\nUpgrade TP-Link Tapo C500 V2 to version 1.0.6\n http://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signed... http://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signed_1737345124385.bin"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure Vulnerability in TP-Link Tapo C500 Wi-Fi Camera",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
        "assignerShortName": "CERT-In",
        "cveId": "CVE-2025-1099",
        "datePublished": "2025-02-10T10:44:26.274Z",
        "dateReserved": "2025-02-07T06:58:29.863Z",
        "dateUpdated": "2025-02-14T11:14:37.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }