—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Authentication bypass Vulnerability in TP-Link VIGI Cameras 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Systems Affected

TP-Link VIGI Camera Cx45 series (Models C345, C445) version prior to 3.1.0 Build 250820 Rel.57668n

TP-Link VIGI Camera Cx55 series (Models C355, C455) version prior to 3.1.0 Build 250820 Rel. 58873n

TP-Link VIGI Camera Cx85 series (Models C385, C485) version prior to 3.0.2 Build 250630 Rel.71279n

TP-Link VIGI Camera C340S series (Model C340S) version prior to 3.1.0 Build 250625 Rel.65381n

TP-Link VIGI Camera C540S series (Models C540S, EasyCam C540S) version prior to 3.1.0 Build 250625 Rel.66601n

TP-Link VIGI Camera C540V series (Model C540V) version prior to 2.1.0 Build 250702 Rel.54300n

TP-Link VIGI Camera C250 series (Model C250) version prior to 2.1.0 Build 250702 Rel.54301n

TP-Link VIGI Camera Cx50 series (Models C350, C450) version prior to 2.1.0 Build 250702 Rel.54294n

TP-Link VIGI Camera Cx20I (1.0) series (Models C220I 1.0, C320I 1.0, C420I 1.0) version prior to 2.1.0 Build 251014 Rel.58331n

TP-Link VIGI Camera Cx20I (1.20) series (Models C220I 1.20, C320I 1.20, C420I 1.20) version prior to 2.1.0 Build 250701 Rel.44071n

TP-Link VIGI Camera Cx30I (1.0) series (Models C230I 1.0, C330I 1.0, C430I 1.0) version prior to 2.1.0 Build 250701 Rel.45506n

TP-Link VIGI Camera Cx30I (1.20) series (Models C230I 1.20, C330I 1.20, C430I 1.20) version prior to 2.1.0 Build 250701 Rel.44555n

TP-Link VIGI Camera Cx30 (1.0) series (Models C230 1.0, C330 1.0, C430 1.0) version prior to 2.1.0 Build 250701 Rel.46796n

TP-Link VIGI Camera Cx30 (1.20) series (Models C230 1.20, C330 1.20, C430 1.20) version prior to 2.1.0 Build 250701 Rel.46796n

TP-Link VIGI Camera Cx40I (1.0) series (Models C240I 1.0, C340I 1.0, C440I 1.0) version prior to 2.1.0 Build 250701 Rel.46003n

TP-Link VIGI Camera Cx40I (1.20) series (Models C240I 1.20, C340I 1.20, C440I 1.20) version prior to 2.1.0 Build 250701 Rel.45041n

TP-Link VIGI Camera C230I Mini series (Model C230I Mini) version prior to 2.1.0 Build 250701 Rel.47570n

TP-Link VIGI Camera C240 1.0 series (Model C240 1.0) version prior to 2.1.0 Build 250701 Rel.48425n

TP-Link VIGI Camera C340 2.0 series (Model C340 2.0) version prior to 2.1.0 Build 250701 Rel.49304n

TP-Link VIGI Camera C440 2.0 series (Model C440 2.0) version prior to 2.1.0 Build 250701 Rel.49778n

TP-Link VIGI Camera C540 2.0 series (Model C540 2.0) version prior to 2.1.0 Build 250701 Rel.50397n

TP-Link VIGI Camera C540 4G series (Model C540 4G) version prior to 2.2.0 Build 250826 Rel.56808n

TP-Link VIGI Camera Cx40 W series (Models C340 W 2.0/2.20, C440 W 2.0, C540 W 2.0) version prior to 2.1.1 Build 250717

TP-Link VIGI Camera Cx20 series (Models C320, C420) version prior to 2.1.0 Build 250701 Rel.39597n

TP-Link VIGI Camera InSight Sx45 series (Models S245, S345, S445) version prior to 3.1.0 Build 250820 Rel.57668n

TP-Link VIGI Camera InSight Sx55 series (Models S355, S455) version prior to 3.1.0 Build 250820 Rel.58873n

TP-Link VIGI Camera InSight Sx85 series (Models S285, S385) version prior to 3.0.2 Build 250630 Rel.71279n

TP-Link VIGI Camera InSight Sx45ZI series (Models S245ZI, S345ZI, S445ZI) version prior to 1.2.0 Build 250820 Rel.60930n

TP-Link VIGI Camera InSight Sx85PI series (Models S385PI, S485PI) version prior to 1.2.0 Build 250827 Rel.66817n

TP-Link VIGI Camera InSight S655I series (Model S655I) version prior to 1.1.1 Build 250625 Rel.64224n

TP-Link VIGI Camera InSight S345 4G series (Model S345 4G) version prior to 2.1.0 Build 250725 Rel.36867n

TP-Link VIGI Camera InSight Sx25 series (Models S225, S325, S425) version prior to 1.1.0 Build 250630 Rel.39597n

Overview

A vulnerability has been reported in password recovery feature of the local web interface across multiple TP-Link VIGI camera models which could allow an attacker to bypass authentication on the affected device.

 

Target Audience:

Organisation and individuals using TP-Link VIGI Camera.

Risk Assessment:

High risk of unauthorized access.

Impact Assessment:

Potential impact on confidentiality, integrity, and availability of the system.

Description

TP-Link VIGI cameras are professional IP surveillance cameras designed for small and medium businesses, offering features such as HD video recording, remote monitoring, motion detection, and local web-based management.

An attacker could exploit this vulnerability by abusing the password recovery feature.

Successful exploitation of this vulnerability could allow the attacker to reset administrator credentials and gain full control of the affected cameras.

Solution

Apply appropriate updates as mentioned in TP-Link Advisory

https://www.tp-link.com/us/support/faq/4906/

Vendor Information

TP-Link

https://www.tp-link.com/us/support/faq/4906/

References

TP-Link

https://www.tp-link.com/us/support/faq/4906/

CVE Name

CVE-2026-0629

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAml0m9sACgkQ3jCgcSdc

ys9luA/+PSkjR56pJDs6i/mjYS8lgeX9nTlZDgey/IamMYVLysfjqttzBmpHUuNZ

ND3bu5mvDAR8z+Y5gYoj/zYFh/ud91TD9Pd2S7CMKC4o8/zWVzkCrWk0n/EiQNs3

uy6Sbue1mliodJ/utf36XdwnU//Symr1XX3BXBO7Xv3hbtyLpnH52lw9d7ETSVTV

ZEJqQvD9NW03FYKXIS9lo7Q+yDZbg7xNU7Kfh8mIeI05PA6uYUV/UzLKt8B5zsX/

f8e3ucdDKeRY1m/XwUzmEHzmknW91lCKZxUkVe4ubUz56SI986uj+fY0z4nTef62

wboQ2Dl8tq0vj8fdtfbfYoPWQmpxdqxKr+ABSJOopsXmu7PEIldX4XCz2BUGu0ws

284E78S7qRNP8sVMSuRBKB8dt/9O/FpcVFpcx3lZkp4j36uheamEePJFWQRy56zl

3dsbtJxuS7K9EN7eRngnzgyma9aYO234iJzAcyf3zJszmlCCoyiWYp3IdjU3mXFY

Rwpez/hoWfttq2Zz9WwX5iLsAVQFTwn5QtN3uMUKFld8WBfz3nQcAxQ1ZXP9TVR/

fBKVvOflmJT4Yy32jLp3cLWQiB0oRT35H7banblYcUs1S6w2h3OdDCeNJqa8QPUo

tkLSbYHJ1AA7kwhKrFlEMgxQfGpYYeJI8YLbA3HwOWg2JKiEXTI=

=8ODS

—–END PGP SIGNATURE—–