Authentication Bypass in Tapo C200 V3 by TP-Link
CVE-2025-14300

8.7 HIGH

Key Information:

Vendor
CVE Published: 20 December 2025

What is CVE-2025-14300?

The HTTPS service of the TP-Link Tapo C200 V3 exposes a connectAP interface that lacks adequate authentication. An unauthenticated attacker on the same local network segment can use this interface to alter the device's Wi-Fi settings. Such unauthorized changes can cut off connectivity for legitimate users and result in a denial of service, impacting the overall functionality of the device.

Affected Version(s)

Tapo C200 V3 0

References

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Simone Margaritelli (evilsocket)