CVE-2025-1099

HIGH

Tapo C500 Wi-Fi camera - Info Disclosure

Title source: llm

Description

This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and man in the middle attacks on the targeted device.

References (1)

[Various Sources] https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0017

Scores

CVSS v4 7.0

EPSS 0.0001

EPSS Percentile 2.0%

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-321

Status published

Products (2)

TP-Link/Tapo C500 V1 Wi-Fi Camera <=1.1.4

TP-Link/Tapo C500 V2 Wi-Fi Camera <=1.0.2

Published Feb 10, 2025

Tracked Since Feb 18, 2026