Tp-link

Tapo

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2025-9293

  • EPSS 0.01%
  • Veröffentlicht 13.02.2026 00:22:27
  • Zuletzt bearbeitet 01.04.2026 20:49:52

A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic...

7.5

CVE-2025-9292

  • EPSS 0.02%
  • Veröffentlicht 13.02.2026 00:21:24
  • Zuletzt bearbeitet 01.04.2026 20:52:43

A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user acces...

4.8

CVE-2025-4975

  • EPSS 0.07%
  • Veröffentlicht 22.05.2025 21:17:52
  • Zuletzt bearbeitet 15.04.2026 00:35:42

When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device.

4.8

CVE-2024-31340

  • EPSS 0.38%
  • Veröffentlicht 22.05.2024 06:15:12
  • Zuletzt bearbeitet 15.04.2026 00:35:42

TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.

7.5

CVE-2023-27098

Exploit
  • EPSS 0.05%
  • Veröffentlicht 09.01.2024 02:15:44
  • Zuletzt bearbeitet 18.06.2025 17:15:26

TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.

6.5

CVE-2023-34829

Exploit
  • EPSS 0.03%
  • Veröffentlicht 28.12.2023 03:15:07
  • Zuletzt bearbeitet 17.04.2025 21:15:46

Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext.

7.5

CVE-2023-38907

  • EPSS 0.31%
  • Veröffentlicht 25.09.2023 23:15:09
  • Zuletzt bearbeitet 21.11.2024 08:14:25

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key.

6.5

CVE-2023-38908

  • EPSS 0.07%
  • Veröffentlicht 22.08.2023 01:15:08
  • Zuletzt bearbeitet 21.11.2024 08:14:25

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function.

6.5

CVE-2023-38909

Exploit
  • EPSS 0.06%
  • Veröffentlicht 22.08.2023 01:15:08
  • Zuletzt bearbeitet 21.11.2024 08:14:25

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC functio...

6.5

CVE-2023-38906

  • EPSS 0.1%
  • Veröffentlicht 22.08.2023 00:15:07
  • Zuletzt bearbeitet 21.11.2024 08:14:25

An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the ...