CVE-2026-0629 - Vulnerability Details

Description

Authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state. Attackers can gain full administrative access to the device, compromising configuration and network security.

Published: 2026-01-16

Score: 8.7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

TP-Link Systems Inc.

VIGI InSight Sx45 Series (S245/S345/S445)

unaffected

Version	Status	Constraints
`0`	affected	< 3.1.0_Build_250820_Rel.57668n

TP-Link Systems Inc.

VIGI Cx45 Series (C345/C445)

unaffected

Version	Status	Constraints
`0`	affected	< 3.1.0_Build_250820_Rel.57668n

TP-Link Systems Inc.

VIGI InSight Sx55 Series (S355/S455)

unaffected

Version	Status	Constraints
`0`	affected	< 3.1.0_Build_250820_Rel.58873n

TP-Link Systems Inc.

VIGI Cx55 Series (C355/C455)

unaffected

Version	Status	Constraints
`0`	affected	< 3.1.0_Build_250820_Rel.58873n

TP-Link Systems Inc.

VIGI InSight Sx85 Series (S285/S385)

unaffected

Version	Status	Constraints
`0`	affected	< 3.0.2_Build_250630_Rel.71279n

TP-Link Systems Inc.

VIGI Cx85 Series (C385/C485)

unaffected

Version	Status	Constraints
`0`	affected	< 3.0.2_Build_250630_Rel.71279n

TP-Link Systems Inc.

VIGI InSight S655I

unaffected

Version	Status	Constraints
`0`	affected	< 1.1.1_Build_250625_Rel.64224n

TP-Link Systems Inc.

VIGI InSight Sx45ZI Series (S245ZI/S345ZI/S445ZI)

unaffected

Version	Status	Constraints
`0`	affected	< 1.2.0_Build_250820_Rel.60930n

TP-Link Systems Inc.

VIGI InSight Sx85PI Series (S385PI/S485PI)

unaffected

Version	Status	Constraints
`0`	affected	< 1.2.0_Build_250827_Rel.66817n

TP-Link Systems Inc.

VIGI C340S

unaffected

Version	Status	Constraints
`0`	affected	< 3.1.0_Build_250625_Rel.65381n

TP-Link Systems Inc.

VIGI C540S / EasyCam C540S

unaffected

Version	Status	Constraints
`0`	affected	< 3.1.0_Build_250625_Rel.66601n

TP-Link Systems Inc.

VIGI C540V

unaffected

Version	Status	Constraints
`0`	affected	< 2.1.0_Build_250702_Rel.54300n

TP-Link Systems Inc.

VIGI C250

unaffected

Version	Status	Constraints
`0`	affected	< 2.1.0_Build_250702_Rel.54301n

TP-Link Systems Inc.

VIGI Cx50 Series (C350/C450)

unaffected

Version	Status	Constraints
`0`	affected	< 2.1.0_Build_250702_Rel.54294n

TP-Link Systems Inc.

VIGI Cx20I 1.0 Series (C220I 1.0/C320I 1.0/C420I 1.0)

unaffected

Version	Status	Constraints
`0`	affected	< 2.1.0_Build_251014_Rel.58331n

TP-Link Systems Inc.

VIGI Cx20I 1.20 Series (C220I 1.20/C320I 1.20/C420I 1.20)

unaffected

Version	Status	Constraints
`0`	affected	< 2.1.0_Build_250701_Rel.44071n

TP-Link Systems Inc.

VIGI Cx30I 1.0 Series (C230I 1.0/C330I 1.0/C430I 1.0)

unaffected

Version	Status	Constraints
`0`	affected	< 2.1.0_Build_250701_Rel.45506n

TP-Link Systems Inc.

VIGI Cx30I 1.20 Series (C230I 1.20/C330I 1.20/C430I 1.20)

unaffected

Version	Status	Constraints
`0`	affected	< 2.1.0_Build_250701_Rel.44555n

TP-Link Systems Inc.

VIGI Cx40I 1.0 Series (C240I 1.0/C340I 1.0/C440I 1.0)

unaffected

Version	Status	Constraints
`0`	affected	< 2.1.0_Build_250701_Rel.46003n

TP-Link Systems Inc.

VIGI Cx40I 1.20 Series (C240I 1.20/C340I 1.20/C440I 1.20)

unaffected

Version	Status	Constraints
`0`	affected	< 2.1.0_Build_250701_Rel.45041n

TP-Link Systems Inc.

VIGI Cx30 1.0 Series (C230 1.0/C330 1.0/C430 1.0)

unaffected

Version	Status	Constraints
`0`	affected	< 2.1.0_Build_250701_Rel.46796n

TP-Link Systems Inc.

VIGI Cx30 1.20 Series (C230 1.20/C330 1.20/C430 1.20)

unaffected

Version	Status	Constraints
`0`	affected	< 2.1.0_Build_250701_Rel.46796n

TP-Link Systems Inc.

VIGI C230I Mini

unaffected

Version	Status	Constraints
`0`	affected	< 2.1.0_Build_250701_Rel.47570n

TP-Link Systems Inc.

VIGI C240 1.0

unaffected

Version	Status	Constraints
`0`	affected	< 2.1.0_Build_250701_Rel.48425n

TP-Link Systems Inc.

VIGI C340 2.0

unaffected

Version	Status	Constraints
`0`	affected	< 2.1.0_Build_250701_Rel.49304n

TP-Link Systems Inc.

VIGI C440 2.0

unaffected

Version	Status	Constraints
`0`	affected	< 2.1.0_Build_250701_Rel.49778n

TP-Link Systems Inc.

VIGI C540 2.0

unaffected

Version	Status	Constraints
`0`	affected	< 2.1.0_Build_250701_Rel.50397n

TP-Link Systems Inc.

VIGI C540-4G

unaffected

Version	Status	Constraints
`0`	affected	< 2.2.0_Build_250826_Rel.56808n

TP-Link Systems Inc.

VIGI C340-W 2.x Series (C340-W 2.0/C340-W 2.20)

unaffected

Version	Status	Constraints
`0`	affected	< 2.1.1_Build_250717_Rel.66528n

TP-Link Systems Inc.

VIGI C440-W 2.0

unaffected

Version	Status	Constraints
`0`	affected	< 2.1.1_Build_250717_Rel.66632n

TP-Link Systems Inc.

VIGI C540-W 2.0

unaffected

Version	Status	Constraints
`0`	affected	< 2.1.1_Build_250717_Rel.67730n

TP-Link Systems Inc.

VIGI InSight S345-4G

unaffected

Version	Status	Constraints
`0`	affected	< 2.1.0_Build_250725_Rel.36867n

TP-Link Systems Inc.

VIGI InSight Sx25 Series (S225/S325/S425)

unaffected

Version	Status	Constraints
`0`	affected	< 1.1.0_Build_250630_Rel.39597n

TP-Link Systems Inc.

VIGI Cx20 Series (C320/C420)

unaffected

Version	Status	Constraints
`0`	affected	< 2.1.0_Build_250701_Rel.39597n

No data.

Vendor	Product	Confidence	Versions
Tp-link	Vigi C230i Mini	—	—
Tp-link	Vigi C240	—	—
Tp-link	Vigi C250	—	—
Tp-link	Vigi C340	—	—
Tp-link	Vigi C340s	—	—
Tp-link	Vigi C440	—	—
Tp-link	Vigi C540	—	—
Tp-link	Vigi C540-4g	—	—
Tp-link	Vigi C540s	—	—
Tp-link	Vigi C540v	—	—
Tp-link	Vigi Cx20 Series	—	—
Tp-link	Vigi Cx20i 1.0 Series	—	—
Tp-link	Vigi Cx20i 1.20 Series	—	—
Tp-link	Vigi Cx30 1.0 Series	—	—
Tp-link	Vigi Cx30 1.20 Series	—	—
Tp-link	Vigi Cx30i 1.0 Series	—	—
Tp-link	Vigi Cx30i 1.20 Series	—	—
Tp-link	Vigi Cx40i 1.0 Series	—	—
Tp-link	Vigi Cx40i 1.20 Series	—	—
Tp-link	Vigi Cx45 Series	—	—
Tp-link	Vigi Cx50 Series	—	—
Tp-link	Vigi Cx55 Series	—	—
Tp-link	Vigi Cx85 Series	—	—
Tp-link	Vigi Insight S345-4g	—	—
Tp-link	Vigi Insight S655i	—	—
Tp-link	Vigi Insight Sx25 Series	—	—
Tp-link	Vigi Insight Sx45 Series	—	—
Tp-link	Vigi Insight Sx45zi Series	—	—
Tp-link	Vigi Insight Sx55 Series	—	—
Tp-link	Vigi Insight Sx85 Series	—	—
Tp-link	Vigi Insight Sx85pi Series	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00021.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://www.tp-link.com/us/support/faq/4906/
https://www.vigi.com/en/support/download/
https://www.vigi.com/in/support/download/
https://www.vigi.com/us/support/download/

History

Fri, 23 Jan 2026 16:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tp-link Tp-link vigi C230i Mini Tp-link vigi C240 Tp-link vigi C250 Tp-link vigi C340 Tp-link vigi C340s Tp-link vigi C440 Tp-link vigi C540 Tp-link vigi C540-4g Tp-link vigi C540s Tp-link vigi C540v Tp-link vigi Cx20 Series Tp-link vigi Cx20i 1.0 Series Tp-link vigi Cx20i 1.20 Series Tp-link vigi Cx30 1.0 Series Tp-link vigi Cx30 1.20 Series Tp-link vigi Cx30i 1.0 Series Tp-link vigi Cx30i 1.20 Series Tp-link vigi Cx40i 1.0 Series Tp-link vigi Cx40i 1.20 Series Tp-link vigi Cx45 Series Tp-link vigi Cx50 Series Tp-link vigi Cx55 Series Tp-link vigi Cx85 Series Tp-link vigi Insight S345-4g Tp-link vigi Insight S655i Tp-link vigi Insight Sx25 Series Tp-link vigi Insight Sx45 Series Tp-link vigi Insight Sx45zi Series Tp-link vigi Insight Sx55 Series Tp-link vigi Insight Sx85 Series Tp-link vigi Insight Sx85pi Series
Vendors & Products		Tp-link Tp-link vigi C230i Mini Tp-link vigi C240 Tp-link vigi C250 Tp-link vigi C340 Tp-link vigi C340s Tp-link vigi C440 Tp-link vigi C540 Tp-link vigi C540-4g Tp-link vigi C540s Tp-link vigi C540v Tp-link vigi Cx20 Series Tp-link vigi Cx20i 1.0 Series Tp-link vigi Cx20i 1.20 Series Tp-link vigi Cx30 1.0 Series Tp-link vigi Cx30 1.20 Series Tp-link vigi Cx30i 1.0 Series Tp-link vigi Cx30i 1.20 Series Tp-link vigi Cx40i 1.0 Series Tp-link vigi Cx40i 1.20 Series Tp-link vigi Cx45 Series Tp-link vigi Cx50 Series Tp-link vigi Cx55 Series Tp-link vigi Cx85 Series Tp-link vigi Insight S345-4g Tp-link vigi Insight S655i Tp-link vigi Insight Sx25 Series Tp-link vigi Insight Sx45 Series Tp-link vigi Insight Sx45zi Series Tp-link vigi Insight Sx55 Series Tp-link vigi Insight Sx85 Series Tp-link vigi Insight Sx85pi Series

Wed, 21 Jan 2026 18:30:00 +0000

Type	Values Removed	Values Added
References	https://www.tp-link.com/us/support/faq/4899/

Wed, 21 Jan 2026 18:15:00 +0000

Type	Values Removed	Values Added
References		https://www.tp-link.com/us/support/faq/4906/

Fri, 16 Jan 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 16 Jan 2026 17:30:00 +0000

Type	Values Removed	Values Added
Description		Authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state. Attackers can gain full administrative access to the device, compromising configuration and network security.
Title		Authentication Bypass in Password Recovery Feature via Local Web App on Multiple VIGI Cameras
Weaknesses		CWE-287
References		https://www.tp-link.com/us/support/faq/4899/ https://www.vigi.com/en/support/download/ https://www.vigi.com/in/support/download/ https://www.vigi.com/us/support/download/
Metrics		cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

Subscriptions

Tp-link Vigi C230i Mini Vigi C240 Vigi C250 Vigi C340 Vigi C340s Vigi C440 Vigi C540 Vigi C540-4g Vigi C540s Vigi C540v Vigi Cx20 Series Vigi Cx20i 1.0 Series Vigi Cx20i 1.20 Series Vigi Cx30 1.0 Series Vigi Cx30 1.20 Series Vigi Cx30i 1.0 Series Vigi Cx30i 1.20 Series Vigi Cx40i 1.0 Series Vigi Cx40i 1.20 Series Vigi Cx45 Series Vigi Cx50 Series Vigi Cx55 Series Vigi Cx85 Series Vigi Insight S345-4g Vigi Insight S655i Vigi Insight Sx25 Series Vigi Insight Sx45 Series Vigi Insight Sx45zi Series Vigi Insight Sx55 Series Vigi Insight Sx85 Series Vigi Insight Sx85pi Series

MITRE

Status: PUBLISHED

Assigner: TPLink

Published: 2026-01-16T17:24:39.370Z

Updated: 2026-02-26T14:44:46.968Z

Reserved: 2026-01-06T00:07:04.905Z

Link: CVE-2026-0629

Vulnrichment

Updated: 2026-01-16T17:38:44.636Z

NVD

Status : Awaiting Analysis

Published: 2026-01-16T18:16:09.190

Modified: 2026-01-26T15:05:57.190

Link: CVE-2026-0629

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-01-22T10:15:23Z

Weaknesses

CWE-287

Tracking

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object