Hard-coded RSA Key Vulnerability in TP-Link Tapo C500 Cameras
CVE-2025-1099

7HIGH

Key Information:

Vendor: Tp-link
Status: Tapo C500 V1 Wi-fi Camera; Tapo C500 V2 Wi-fi Camera
Vendor: CVE Published:; 10 February 2025

What is CVE-2025-1099?

The TP-Link Tapo C500 Wi-Fi security cameras, namely versions V1 and V2, are vulnerable due to a hard-coded RSA private key embedded in their firmware. This flaw allows an attacker with physical access to the device to extract these cryptographic keys. Once compromised, these keys can facilitate impersonation attacks, enable data decryption, and allow for man-in-the-middle attacks against the vulnerable device, posing significant risks to the integrity and security of surveillance operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Tapo C500 V1 Wi-Fi Camera <=1.1.4

Tapo C500 V2 Wi-Fi Camera <=1.0.2

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOT...

third-party-advisory

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Feb 10, 2025
Vulnerability Reserved
Feb 7, 2025

Credit

This vulnerability is reported by Shravan Singh from Mumbai, India

JSON

Tp-link

What is CVE-2025-1099?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.