PT-2026-6601 · Tp Link · Tapo H100+1
Published
2026-02-05
·
Updated
2026-02-05
·
CVE-2025-15557
CVSS v3.1
8.8
High
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
TP-Link Tapo H100 version 1
TP-Link Tapo P100 version 1
Description
An improper certificate validation issue exists in the software. An attacker on the same network segment can intercept and modify encrypted communications between the device and the cloud. This could compromise the confidentiality and integrity of data exchanged between the device and the cloud, potentially allowing manipulation of device data or operations.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tapo H100
Tapo P100