CVE-2022-37255
Description
TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL075526460603.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- TP-Link/Tapo C310description
Patches
Vulnerability mechanics
Root cause
"The RTSP server has default, hardcoded credentials that are not removed when a user account is not configured."
Attack vector
An attacker can access the RTSP video feed by connecting to the device and using the default username and password. This bypasses the need for proper authentication, allowing unauthorized access to the video stream.
Affected code
The vulnerability stems from the RTSP server component of the TP-Link Tapo C310 camera, specifically in version 1.3.0. The default credentials were reportedly sourced from the "cet" binary on the camera.
What the fix does
The advisory does not specify a patch or remediation steps beyond advising users to set up a "Camera Account" to configure user details for the RTSP server. It is implied that configuring a user account removes the default credentials.
Preconditions
- configThe device is running firmware version 1.3.0 or below.
- authNo "Camera Account" with custom user details has been configured for the RTSP server.
Generated on Jun 8, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2News mentions
0No linked articles in our index yet.