VYPR

Tapo

by TP-Link

CVEs (7)

  • CVE-2025-9293 | High | Feb 13, 2026
    risk 0.53 | cvss 8.1 | epss 0.00

    A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position…

  • CVE-2025-9292 | High | Feb 13, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web…

  • CVE-2025-14553 | High | Dec 16, 2025
    risk 0.46 | cvss | epss 0.00

    Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains…

  • CVE-2025-4975 | Medium | May 22, 2025
    risk 0.31 | cvss | epss 0.00

    When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device.

  • CVE-2024-31340 | Medium | May 22, 2024
    risk 0.31 | cvss 4.8 | epss 0.00

    TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.

  • CVE-2023-27098 | Jan 9, 2024
    risk 0.00 | cvss | epss 0.00

    TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.

  • CVE-2023-34829 | Dec 28, 2023
    risk 0.00 | cvss | epss 0.00

    Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext.