Tp-Link: >> Tapo H100 Firmware Security Vulnerabilities
An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication, enabling manipulation of device data or operations.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-02-05
This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device.
CVSS Score
4.6
EPSS Score
0.0
Published
2024-11-04