CVE-2026-34126

Name of the Vulnerable Software and Affected Versions Tapo L535E versions 1.0 and 3.0 Tapo P300 version 1.0 Tapo D100C version 1.0

Description Bluetooth communication during the initial setup phase is transmitted in cleartext without encryption. An attacker within Bluetooth range could use sniffing or man-in-the-middle techniques to eavesdrop on communications, manipulate setup data, and potentially gain unauthorized control of the device during initialization. Bluetooth is exclusively used during the initialization process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.