PT-2025-51777 · TP-Link · Tapo C210
Juraj Nyíri · Published 2025-12-16 · Updated 2026-01-09 · CVE-2025-14553
CVSS v4.0: 7.0 (High)
Vector: AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
TP-Link Tapo C210 versions 1.8
Description
An unauthenticated API response exposes password hashes in the TP-Link Tapo C210 application on iOS and Android. This allows attackers within the local network to attempt to brute-force the password. The API endpoint responsible for this exposure is not specified.
Recommendations
Update the mobile application to mitigate the issue.
Fix
Information Disclosure
Affected Products
Tapo C210