Juraj Nyíri

**Name of the Vulnerable Software and Affected Versions** TP-Link Tapo C210 versions 1.8 **Description** An unauthenticated API response exposes password hashes in the TP-Link Tapo C210 application on iOS and Android. This allows attackers to attempt to brute force the password within the local network. The API endpoint responsible for this exposure is not specified. The vulnerable data includes password hashes, which are exposed through the API. **Recommendations** Update the mobile application to mitigate the issue.