Authentication Bypass in VIGI Camera Models by TP-Link

CVE-2026-0629

What is CVE-2026-0629?

CVE-2026-0629 is a significant vulnerability affecting various models of VIGI cameras produced by TP-Link Systems Inc. This vulnerability stems from an authentication bypass in the password recovery mechanism of the device’s local web interface. It enables an attacker on the same local area network (LAN) to manipulate the client-side state, allowing them to reset the administrator password without any verification. With administrative access, the attacker can alter configuration settings and compromise the overall security of the network. The vulnerability poses a serious threat to organizations relying on VIGI cameras for surveillance, as it can lead to unauthorized access and control over critical security infrastructure.

Potential impact of CVE-2026-0629

1. Unauthorized Access: Attackers can gain full control over the affected VIGI camera systems, allowing them to change settings, disable security features, or even access live camera feeds, compromising surveillance integrity.

2. Network Security Risks: By gaining administrative access, attackers can potentially exploit the camera for further attacks on the network, putting other connected systems at risk of compromise and increasing the organization's vulnerability to broader cyber threats.

3. Data Manipulation: With administrative control, attackers could alter or delete critical footage, affecting incident investigations, data integrity, and potentially evading detection for malicious activities conducted within the organization.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References