TP-Link: TP-Link Vulnerability Allows Authentication Bypass Via Password Recovery Feature

Critical Authentication Bypass Flaw in TP-Link VIGI Cameras Exposes Surveillance Systems to Unauthorized Access

A high-severity authentication vulnerability (CVE-2026-0629) has been disclosed in TP-Link’s VIGI surveillance camera lineup, allowing attackers on local networks to reset administrative credentials without authorization. The flaw, rated 8.7 on the CVSS v4.0 scale, affects the web interface’s password recovery function due to improper client-side state manipulation.

Exploiting the vulnerability requires only LAN access, with no elevated privileges, user interaction, or complex attack methods needed. Successful exploitation grants full administrative control over affected devices, enabling attackers to modify configurations, disable security features, access recorded footage, or use compromised cameras as pivot points for lateral network movement.

The flaw impacts 28 VIGI camera series, including the Cx45, Cx55, Cx85, and InSight models, posing significant risks to organizations relying on these devices for critical surveillance. TP-Link has released firmware updates to address the issue, with patched versions available for all affected models. Devices remain vulnerable until updates are applied, and TP-Link has stated it will not be liable for incidents resulting from unpatched systems.

Firmware updates can be downloaded via TP-Link’s regional support portals, including the U.S., global, and India-specific download centers. The advisory underscores the urgency of patching due to the flaw’s ease of exploitation and broad impact on surveillance infrastructure.

Source: https://cybersecuritynews.com/tp-link-vulnerability/

TP-Link cybersecurity rating report: https://www.rankiteo.com/company/tp-link-corporation

"id": "TP-1768921605",
"linkid": "tp-link-corporation",
"type": "Vulnerability",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Organizations relying on '
                                              'TP-Link VIGI cameras for '
                                              'critical surveillance',
                        'industry': 'Surveillance and Networking',
                        'name': 'TP-Link',
                        'type': 'Technology Company'}],
 'attack_vector': 'Local Network Access',
 'customer_advisories': 'Users are urged to download and apply firmware '
                        'updates to mitigate the vulnerability.',
 'data_breach': {'sensitivity_of_data': 'High (surveillance footage, '
                                        'administrative access)',
                 'type_of_data_compromised': 'Administrative credentials, '
                                             'surveillance footage'},
 'description': 'A high-severity authentication vulnerability (CVE-2026-0629) '
                'has been disclosed in TP-Link’s VIGI surveillance camera '
                'lineup, allowing attackers on local networks to reset '
                'administrative credentials without authorization. The flaw '
                'affects the web interface’s password recovery function due to '
                'improper client-side state manipulation. Successful '
                'exploitation grants full administrative control over affected '
                'devices, enabling attackers to modify configurations, disable '
                'security features, access recorded footage, or use '
                'compromised cameras as pivot points for lateral network '
                'movement.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'security flaw',
            'data_compromised': 'Administrative credentials, recorded footage',
            'legal_liabilities': 'TP-Link states it will not be liable for '
                                 'incidents resulting from unpatched systems',
            'operational_impact': 'Unauthorized administrative control, '
                                  'potential lateral network movement',
            'systems_affected': 'TP-Link VIGI surveillance cameras'},
 'post_incident_analysis': {'corrective_actions': 'Firmware updates to fix the '
                                                  'authentication bypass flaw',
                            'root_causes': 'Improper client-side state '
                                           'manipulation in the password '
                                           'recovery function'},
 'recommendations': 'Apply firmware updates immediately to patch the '
                    'vulnerability. Monitor affected devices for unauthorized '
                    'access.',
 'references': [{'source': 'TP-Link Advisory',
                 'url': 'https://www.tp-link.com/us/support/'},
                {'source': 'TP-Link Global Support',
                 'url': 'https://www.tp-link.com/support/'},
                {'source': 'TP-Link India Support',
                 'url': 'https://www.tp-link.com/in/support/'}],
 'response': {'communication_strategy': 'Advisory released via TP-Link’s '
                                        'regional support portals',
              'containment_measures': 'Firmware updates released to address '
                                      'the vulnerability',
              'remediation_measures': 'Patching affected devices with updated '
                                      'firmware'},
 'stakeholder_advisories': 'TP-Link has released firmware updates and advised '
                           'users to patch affected devices immediately.',
 'title': 'Critical Authentication Bypass Flaw in TP-Link VIGI Cameras Exposes '
          'Surveillance Systems to Unauthorized Access',
 'type': 'Authentication Bypass',
 'vulnerability_exploited': 'CVE-2026-0629'}