CVE-2022-37255

HIGH

TP-Link Tapo C310 1.3.0 - Unauthenticated Video Feed Access via Hard-coded RTSP Credentials

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-37255. PoCs published by dsclee1.

AI-analyzed exploit summary This exploit details an authentication bypass vulnerability in Tapo C310 RTSP server v1.3.0, where default credentials allow unauthorized access to the video stream. The credentials were extracted from the 'cet' binary on the camera.

Description

TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL075526460603.

Exploits (1)

exploitdb WRITEUP

by dsclee1 · textremotehardware

https://www.exploit-db.com/exploits/51107

View Code ZIP pw:eip

This exploit details an authentication bypass vulnerability in Tapo C310 RTSP server v1.3.0, where default credentials allow unauthorized access to the video stream. The credentials were extracted from the 'cet' binary on the camera.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Tapo C310 RTSP server v1.3.0

No auth needed

Prerequisites: Network access to the camera · RTSP server running on the camera

MITRE ATT&CK

T1110.001 - Password Guessing

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory, VDB Entry

http://packetstormsecurity.com/files/171540/Tapo-C310-RTSP-Server-1.3.0-Unauthorized-Video-Stream-Access.html

Product

https://www.tp-link.com/

Scores

CVSS v3 7.5

EPSS 0.0494

EPSS Percentile 91.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-798

Status published

Products (1)

tp-link/tapo_c310_firmware 1.3.0

Published Apr 16, 2023

Tracked Since Feb 18, 2026