Auth bypass in Tp-link Systems Inc. Vigi C230i Mini
CVE-2026-0629
Authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state. Attacker…
Vulnerability class: Broken Authentication
EPSS: 0.004 (35.6th percentile) — read the EPSS interpretation.
Affected products
- Tp-link Systems Inc. Vigi C230i Mini — versions 0
- Tp-link Systems Inc. Vigi C240 1.0 — versions 0
- Tp-link Systems Inc. Vigi C250 — versions 0
- Tp-link Systems Inc. Vigi C340 2.0 — versions 0
- Tp-link Systems Inc. Vigi C340s — versions 0
- Tp-link Systems Inc. Vigi C340-w 2.x Series (C340-w 2.0/c340-w 2.20) — versions 0
- Tp-link Systems Inc. Vigi C440 2.0 — versions 0
- Tp-link Systems Inc. Vigi C440-w 2.0 — versions 0
- Tp-link Systems Inc. Vigi C540 2.0 — versions 0
- Tp-link Systems Inc. Vigi C540-4g — versions 0
Weakness classification (CWE)
References
- f23511db-6c3e-4e32-a477-6aa17d310630 (patch)
- f23511db-6c3e-4e32-a477-6aa17d310630 (patch)
- f23511db-6c3e-4e32-a477-6aa17d310630 (patch)
- f23511db-6c3e-4e32-a477-6aa17d310630 (vendor-advisory)