Unrated severityNVD Advisory· Published Feb 5, 2026· Updated Feb 5, 2026

Improper Certificate Validation in TP-Link Tapo H100 and P100 Allows Man-in-the-Middle Attack

CVE-2025-15557

Description

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication, enabling manipulation of device data or operations.

Affected products

Tp Link Systems Inc./Tapo H100 V1v5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.tp-link.com/en/support/download/tapo-h100/mitrepatch
www.tp-link.com/en/support/download/tapo-p100/mitrepatch
www.tp-link.com/us/support/download/tapo-h100/mitrepatch
www.tp-link.com/us/support/download/tapo-p100/mitrepatch
www.tp-link.com/us/support/faq/4949/mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000