CVE-2026-0629

Summary

Authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state. Attackers can gain full administrative access to the device, compromising configuration and network security.

Affected Software

VendorProductVersion RangeStatus
TP-Link Systems Inc.VIGI InSight Sx45 Series (S245/S345/S445)0 < 3.1.0_Build_250820_Rel.57668naffected
TP-Link Systems Inc.VIGI Cx45 Series (C345/C445)0 < 3.1.0_Build_250820_Rel.57668naffected
TP-Link Systems Inc.VIGI InSight Sx55 Series (S355/S455)0 < 3.1.0_Build_250820_Rel.58873naffected
TP-Link Systems Inc.VIGI Cx55 Series (C355/C455)0 < 3.1.0_Build_250820_Rel.58873naffected
TP-Link Systems Inc.VIGI InSight Sx85 Series (S285/S385)0 < 3.0.2_Build_250630_Rel.71279naffected
TP-Link Systems Inc.VIGI Cx85 Series (C385/C485)0 < 3.0.2_Build_250630_Rel.71279naffected
TP-Link Systems Inc.VIGI InSight S655I0 < 1.1.1_Build_250625_Rel.64224naffected
TP-Link Systems Inc.VIGI InSight Sx45ZI Series (S245ZI/S345ZI/S445ZI)0 < 1.2.0_Build_250820_Rel.60930naffected
TP-Link Systems Inc.VIGI InSight Sx85PI Series (S385PI/S485PI)0 < 1.2.0_Build_250827_Rel.66817naffected
TP-Link Systems Inc.VIGI C340S0 < 3.1.0_Build_250625_Rel.65381naffected
TP-Link Systems Inc.VIGI C540S / EasyCam C540S0 < 3.1.0_Build_250625_Rel.66601naffected
TP-Link Systems Inc.VIGI C540V0 < 2.1.0_Build_250702_Rel.54300naffected
TP-Link Systems Inc.VIGI C2500 < 2.1.0_Build_250702_Rel.54301naffected
TP-Link Systems Inc.VIGI Cx50 Series (C350/C450)0 < 2.1.0_Build_250702_Rel.54294naffected
TP-Link Systems Inc.VIGI Cx20I 1.0 Series (C220I 1.0/C320I 1.0/C420I 1.0)0 < 2.1.0_Build_251014_Rel.58331naffected
TP-Link Systems Inc.VIGI Cx20I 1.20 Series (C220I 1.20/C320I 1.20/C420I 1.20)0 < 2.1.0_Build_250701_Rel.44071naffected
TP-Link Systems Inc.VIGI Cx30I 1.0 Series (C230I 1.0/C330I 1.0/C430I 1.0)0 < 2.1.0_Build_250701_Rel.45506naffected
TP-Link Systems Inc.VIGI Cx30I 1.20 Series (C230I 1.20/C330I 1.20/C430I 1.20)0 < 2.1.0_Build_250701_Rel.44555naffected
TP-Link Systems Inc.VIGI Cx40I 1.0 Series (C240I 1.0/C340I 1.0/C440I 1.0)0 < 2.1.0_Build_250701_Rel.46003naffected
TP-Link Systems Inc.VIGI Cx40I 1.20 Series (C240I 1.20/C340I 1.20/C440I 1.20)0 < 2.1.0_Build_250701_Rel.45041naffected
TP-Link Systems Inc.VIGI Cx30 1.0 Series (C230 1.0/C330 1.0/C430 1.0)0 < 2.1.0_Build_250701_Rel.46796naffected
TP-Link Systems Inc.VIGI Cx30 1.20 Series (C230 1.20/C330 1.20/C430 1.20)0 < 2.1.0_Build_250701_Rel.46796naffected
TP-Link Systems Inc.VIGI C230I Mini0 < 2.1.0_Build_250701_Rel.47570naffected
TP-Link Systems Inc.VIGI C240 1.00 < 2.1.0_Build_250701_Rel.48425naffected
TP-Link Systems Inc.VIGI C340 2.00 < 2.1.0_Build_250701_Rel.49304naffected
TP-Link Systems Inc.VIGI C440 2.00 < 2.1.0_Build_250701_Rel.49778naffected
TP-Link Systems Inc.VIGI C540 2.00 < 2.1.0_Build_250701_Rel.50397naffected
TP-Link Systems Inc.VIGI C540-4G0 < 2.2.0_Build_250826_Rel.56808naffected
TP-Link Systems Inc.VIGI C340-W 2.x Series (C340-W 2.0/C340-W 2.20)0 < 2.1.1_Build_250717_Rel.66528naffected
TP-Link Systems Inc.VIGI C440-W 2.00 < 2.1.1_Build_250717_Rel.66632naffected
TP-Link Systems Inc.VIGI C540-W 2.00 < 2.1.1_Build_250717_Rel.67730naffected
TP-Link Systems Inc.VIGI InSight S345-4G0 < 2.1.0_Build_250725_Rel.36867naffected
TP-Link Systems Inc.VIGI InSight Sx25 Series (S225/S325/S425)0 < 1.1.0_Build_250630_Rel.39597naffected
TP-Link Systems Inc.VIGI Cx20 Series (C320/C420)0 < 2.1.0_Build_250701_Rel.39597naffected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References