Tapo Security Vulnerabilities
TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.
7.5CVSS
7.5AI Score
0.001EPSS
Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext.
6.5CVSS
6.4AI Score
0.001EPSS
An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message.
6.5CVSS
6.5AI Score
0.001EPSS
An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key.
7.5CVSS
7.4AI Score
0.001EPSS
An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function.
6.5CVSS
6.4AI Score
0.001EPSS
An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function.
6.5CVSS
6.2AI Score
0.001EPSS
TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.
4.8CVSS
6.8AI Score
0.0004EPSS