Hard-coded RSA Key Vulnerability in TP-Link Tapo C500 Cameras
CVE-2025-1099

7HIGH

Key Information:

Vendor: Tp-link
Status: Tapo C500 V1 Wi-fi Camera; Tapo C500 V2 Wi-fi Camera
Vendor: CVE Published:; 10 February 2025

Summary

The TP-Link Tapo C500 Wi-Fi security cameras, namely versions V1 and V2, are vulnerable due to a hard-coded RSA private key embedded in their firmware. This flaw allows an attacker with physical access to the device to extract these cryptographic keys. Once compromised, these keys can facilitate impersonation attacks, enable data decryption, and allow for man-in-the-middle attacks against the vulnerable device, posing significant risks to the integrity and security of surveillance operations.

Affected Version(s)

Tapo C500 V1 Wi-Fi Camera <=1.1.4

Tapo C500 V2 Wi-Fi Camera <=1.0.2

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOT...

third-party-advisory

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Feb 10, 2025
Vulnerability Reserved
Feb 7, 2025

Credit

This vulnerability is reported by Shravan Singh from Mumbai, India