7
CVE-2025-14553
- EPSS 0.02%
- Veröffentlicht 16.12.2025 18:38:08
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle f23511db-6c3e-4e32-a477-6aa17d
- CVE-Watchlists
- Unerledigt
Password Hash Leak Could Lead to Unauthorized Access on Tapo App via Local Network
Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains unchanged.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerTP-Link Systems Inc.
≫
Produkt
TP-Link Tapo App
Default Statusunaffected
Version
0
Version <
3.1.6
Status
affected
HerstellerTP-Link Systems Inc.
≫
Produkt
TP-Link Tapo App
Default Statusunaffected
Version
0
Version <
3.1.601
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.053 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| f23511db-6c3e-4e32-a477-6aa17d310630 | 7 | 0 | 0 |
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.