Description
The attacker may obtain root access by connecting to the UART port and this vulnerability requires the attacker to have the physical access to the device. This issue affects Tapo D230S1 V1.20: before 1.2.2 Build 20250907.
References (1)
Core 1
Core References
Various Sources vendor-advisory
https://www.tp-link.com/en/support/faq/4693/
Scores
CVSS v4
7.0
EPSS
0.0016
EPSS Percentile
5.4%
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-306
Status
published
Published
Sep 30, 2025
Tracked Since
Feb 18, 2026