IoT Smart Hub Vulnerability in TP-Link Tapo H200 V1
CVE-2025-3442

4.4MEDIUM

Key Information:

Vendor: Tp-link
Status: Tapo H200 V1 Iot Smart Hub
Vendor: CVE Published:; 9 April 2025

Summary

The TP-Link Tapo H200 V1 IoT Smart Hub is vulnerable due to the insecure storage of Wi-Fi credentials in plain text within its firmware. This security flaw allows an attacker with physical access to the device to extract the firmware and analyze the binary data, potentially exposing sensitive Wi-Fi information. It highlights the critical need for secure practices in firmware development to safeguard user credentials from unauthorized access.

Affected Version(s)

Tapo H200 V1 IoT Smart Hub <=1.4.0

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOT...

third-party-advisory

CVSS V4

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Apr 9, 2025
Vulnerability Reserved
Apr 8, 2025

Credit

This vulnerability is reported by Shravan Singh, Ganesh Bakare, and Abhinav Giridhar from Mumbai, India.