Auth bypass in Tp-link Systems Inc. Vigi C230i Mini

CVE-2026-0629

Authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state. Attacker…

Vulnerability class: Broken Authentication

EPSS: 0.004 (35.6th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References