Description
Authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state. Attackers can gain full administrative access to the device, compromising configuration and network security.
Published: 2026-01-16
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass – Full Administrative Privileges
Action: Patch
AI Analysis

Impact

An attacker who can reach the local web interface of affected TP‑Link VIGI cameras can manipulate the password recovery process to reset the administrator password without any additional verification. This flaw stems from improper authentication handling as defined by CWE‑287, allowing the attacker to gain complete control over device configuration and network security settings. The vulnerability permits unauthorized configuration changes, potential compromise of the camera’s firmware, and exposure of associated network infrastructure.

Affected Systems

Multiple VIGI camera models from TP‑Link, including the C230I Mini, C240, C250, C340 2.0 series, C340‑W 2.x series, C340S, C440 2.0 and C440‑W 2.0, C540 2.0, C540‑4G, C540‑W 2.0, C540S / EasyCam C540S, C540V, the Cx20 series (C320/C420), Cx20I 1.0/1.20 series (C220I, C320I, C420I), Cx30 1.0/1.20 series (C230, C330, C430), Cx30I 1.0/1.20 series (C230I, C330I, C430I), Cx40I 1.0/1.20 series (C240I, C340I, C440I), Cx45 series (C345/C445), Cx50 series (C350/C450), Cx55 series (C355/C455), Cx85 series (C385/C485), and various InSight models such as S345‑4G, S655I, Sx25 (S225/S325/S425), Sx45 (S245/S345/S445), Sx45ZI (S245ZI/S345ZI/S445ZI), Sx55 (S355/S455), Sx85 (S285/S385), and Sx85PI (S385PI/S485PI). No specific firmware versions or patch levels are listed, so all versions currently shipping the default local web interface are potentially vulnerable.

Risk and Exploitability

The issue carries a high CVSS v4.0 score of 8.7 with an adjacent-network attack vector (AV:A), indicating severe impact from an attacker who can reach the camera's local network segment. The EPSS score is below 1%, suggesting a low probability of exploitation in the wild. The flaw is not listed in the CISA KEV catalog, and no public exploitation reports are available. An attacker on the same LAN can reach the camera's local web interface, manipulate client-side state to trigger the password-reset function, and thereby obtain unrestricted administrative rights. Exploitation requires only network adjacency; no prior privileges, user interaction, or additional exploits are needed.

Generated by OpenCVE AI on April 18, 2026 at 05:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s firmware update that addresses the authentication bypass in the password recovery feature.
  • Restrict access to the camera’s local web interface to trusted hosts or network segments, and disable the interface if not needed.
  • Implement network segmentation or VLAN controls so that only authorized personnel can reach the camera’s management ports.



Advisories

No advisories yet.

History

Fri, 23 Jan 2026 16:45:00 +0000

Type: First Time appeared
Values Removed: (empty)
Values Added: Tp-link; Tp-link vigi C230i Mini; Tp-link vigi C240; Tp-link vigi C250; Tp-link vigi C340; Tp-link vigi C340s; Tp-link vigi C440; Tp-link vigi C540; Tp-link vigi C540-4g; Tp-link vigi C540s; Tp-link vigi C540v; Tp-link vigi Cx20 Series; Tp-link vigi Cx20i 1.0 Series; Tp-link vigi Cx20i 1.20 Series; Tp-link vigi Cx30 1.0 Series; Tp-link vigi Cx30 1.20 Series; Tp-link vigi Cx30i 1.0 Series; Tp-link vigi Cx30i 1.20 Series; Tp-link vigi Cx40i 1.0 Series; Tp-link vigi Cx40i 1.20 Series; Tp-link vigi Cx45 Series; Tp-link vigi Cx50 Series; Tp-link vigi Cx55 Series; Tp-link vigi Cx85 Series; Tp-link vigi Insight S345-4g; Tp-link vigi Insight S655i; Tp-link vigi Insight Sx25 Series; Tp-link vigi Insight Sx45 Series; Tp-link vigi Insight Sx45zi Series; Tp-link vigi Insight Sx55 Series; Tp-link vigi Insight Sx85 Series; Tp-link vigi Insight Sx85pi Series

Type: Vendors & Products
Values Removed: (empty)
Values Added: the same vendor and product list as the "First Time appeared" row above (Tp-link and the 31 VIGI models and series listed there)

Wed, 21 Jan 2026 18:30:00 +0000

Type: References
Values Removed: (empty)
Values Added: (empty)

Wed, 21 Jan 2026 18:15:00 +0000

Type: References
Values Removed: (empty)
Values Added: (empty)

Fri, 16 Jan 2026 18:15:00 +0000

Type: Metrics
Values Removed: (empty)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 16 Jan 2026 17:30:00 +0000

Type: Description
Values Added: Authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state. Attackers can gain full administrative access to the device, compromising configuration and network security.

Type: Title
Values Added: Authentication Bypass in Password Recovery Feature via Local Web App on Multiple VIGI Cameras

Type: Weaknesses
Values Added: CWE-287

Type: References
Values Added: (empty)

Type: Metrics
Values Added: cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-02-26T14:44:46.968Z

Reserved: 2026-01-06T00:07:04.905Z

Link: CVE-2026-0629

Vulnrichment

Updated: 2026-01-16T17:38:44.636Z

NVD

Status : Deferred

Published: 2026-01-16T18:16:09.190

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-0629

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T05:45:38Z

Weaknesses