Search criteria
2 vulnerabilities found for Tapo C500 V1 Wi-Fi Camera by TP-Link
CVE-2025-1099 (GCVE-0-2025-1099)
Vulnerability from cvelistv5 – Published: 2025-02-10 10:44 – Updated: 2025-02-14 11:14
VLAI?
Summary
This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and man in the middle attacks on the targeted device.
Severity ?
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TP-Link | Tapo C500 V1 Wi-Fi Camera |
Affected:
<=1.1.4
|
|||||||
|
|||||||||
Credits
This vulnerability is reported by Shravan Singh from Mumbai, India
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1099",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T13:23:52.502194Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:42:59.639Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Tapo C500 V1 Wi-Fi Camera",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "\u003c=1.1.4"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tapo C500 V2 Wi-Fi Camera",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "\u003c=1.0.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported by Shravan Singh from Mumbai, India"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and man in the middle attacks on the targeted device."
}
],
"value": "This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and man in the middle attacks on the targeted device."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-14T11:14:37.477Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2025-0017"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade TP-Link Tapo C500 V1 to version 1.3.2 \u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signed_1737345124385.bin\"\u003ehttps://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signe...\u003c/a\u003e\u003cbr\u003e\u003cbr\u003eUpgrade TP-Link Tapo C500 V2 to version 1.0.6\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signed_1737345124385.bin\"\u003ehttp://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signed...\u003c/a\u003e"
}
],
"value": "Upgrade TP-Link Tapo C500 V1 to version 1.3.2 \n https://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signe... https://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signed_1737345124385.bin \n\nUpgrade TP-Link Tapo C500 V2 to version 1.0.6\n http://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signed... http://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signed_1737345124385.bin"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information Disclosure Vulnerability in TP-Link Tapo C500 Wi-Fi Camera",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2025-1099",
"datePublished": "2025-02-10T10:44:26.274Z",
"dateReserved": "2025-02-07T06:58:29.863Z",
"dateUpdated": "2025-02-14T11:14:37.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1099 (GCVE-0-2025-1099)
Vulnerability from nvd – Published: 2025-02-10 10:44 – Updated: 2025-02-14 11:14
VLAI?
Summary
This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and man in the middle attacks on the targeted device.
Severity ?
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TP-Link | Tapo C500 V1 Wi-Fi Camera |
Affected:
<=1.1.4
|
|||||||
|
|||||||||
Credits
This vulnerability is reported by Shravan Singh from Mumbai, India
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1099",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T13:23:52.502194Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:42:59.639Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Tapo C500 V1 Wi-Fi Camera",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "\u003c=1.1.4"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tapo C500 V2 Wi-Fi Camera",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "\u003c=1.0.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported by Shravan Singh from Mumbai, India"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and man in the middle attacks on the targeted device."
}
],
"value": "This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and man in the middle attacks on the targeted device."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-14T11:14:37.477Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2025-0017"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade TP-Link Tapo C500 V1 to version 1.3.2 \u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signed_1737345124385.bin\"\u003ehttps://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signe...\u003c/a\u003e\u003cbr\u003e\u003cbr\u003eUpgrade TP-Link Tapo C500 V2 to version 1.0.6\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signed_1737345124385.bin\"\u003ehttp://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signed...\u003c/a\u003e"
}
],
"value": "Upgrade TP-Link Tapo C500 V1 to version 1.3.2 \n https://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signe... https://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signed_1737345124385.bin \n\nUpgrade TP-Link Tapo C500 V2 to version 1.0.6\n http://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signed... http://download.tplinkcloud.com/firmware/Tapo_C500v1_en_1.3.2_Build_250108_Rel.40063n_up_boot-signed_1737345124385.bin"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information Disclosure Vulnerability in TP-Link Tapo C500 Wi-Fi Camera",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2025-1099",
"datePublished": "2025-02-10T10:44:26.274Z",
"dateReserved": "2025-02-07T06:58:29.863Z",
"dateUpdated": "2025-02-14T11:14:37.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}