CVE-2026-0629

HIGH

VIGI Camera Models - Auth Bypass

Title source: llm

Description

Authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state. Attackers can gain full administrative access to the device, compromising configuration and network security.

References (4)

[Various Sources] https://www.vigi.com/us/support/download/

[Various Sources] https://www.vigi.com/en/support/download/

[Various Sources] https://www.vigi.com/in/support/download/

[Various Sources] https://www.tp-link.com/us/support/faq/4906/

Scores

CVSS v4 8.7

EPSS 0.0002

EPSS Percentile 5.8%

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-287

Status published

Products (34)

TP-Link Systems Inc./VIGI C230I Mini < 2.1.0_Build_250701_Rel.47570n

TP-Link Systems Inc./VIGI C240 1.0 < 2.1.0_Build_250701_Rel.48425n

TP-Link Systems Inc./VIGI C250 < 2.1.0_Build_250702_Rel.54301n

TP-Link Systems Inc./VIGI C340 2.0 < 2.1.0_Build_250701_Rel.49304n

TP-Link Systems Inc./VIGI C340-W 2.x Series (C340-W 2.0/C340-W 2.20) < 2.1.1_Build_250717_Rel.66528n

TP-Link Systems Inc./VIGI C340S < 3.1.0_Build_250625_Rel.65381n

TP-Link Systems Inc./VIGI C440 2.0 < 2.1.0_Build_250701_Rel.49778n

TP-Link Systems Inc./VIGI C440-W 2.0 < 2.1.1_Build_250717_Rel.66632n

TP-Link Systems Inc./VIGI C540 2.0 < 2.1.0_Build_250701_Rel.50397n

TP-Link Systems Inc./VIGI C540-4G < 2.2.0_Build_250826_Rel.56808n

... and 24 more

Published Jan 16, 2026

Tracked Since Feb 18, 2026