TP-Link Patches Vulnerability Exposing VIGI Cameras to Remote Hacking

TP-Link Patches Vulnerability Exposing VIGI Cameras to Remote Hacking

Posted on By CWS

TP-Hyperlink has patched a critical vulnerability that may be exploited to take management of greater than 32 of its VIGI C and VIGI InSight sequence skilled surveillance digital camera fashions.

The safety gap, tracked as CVE-2026-0629 and labeled as excessive severity, is described in a TP-Hyperlink advisory revealed final week as an authentication bypass flaw affecting the password restoration function within the cameras’ native internet interface.

The flaw, in response to TP-Hyperlink, “permits an attacker on the LAN to reset the admin password with out verification by manipulating client-side state”, enabling them to realize full admin entry to the machine.

The vulnerability was found by Arko Dhar, co-founder and CTO of IoT cybersecurity firm Redinent Improvements.  

Dhar advised SecurityWeek that an attacker may exploit the vulnerability to realize full entry to the focused digital camera, together with its video feed and different performance. 

The researcher warned that the flaw could be exploited remotely and famous that on the time of discovery in October 2025 he had recognized greater than 2,500 internet-exposed cameras worldwide which will have been weak to assaults. Commercial. Scroll to proceed studying.

Nonetheless, he solely regarded for situations of a single affected digital camera mannequin. The precise variety of uncovered gadgets throughout all impacted fashions could also be a lot greater. 

TP-Hyperlink’s VIGI cameras are utilized by organizations in over 36 international locations and areas, primarily in Europe, Southeast Asia, and the Americas.

It’s not unusual for menace actors to focus on TP-Hyperlink merchandise of their assaults. CISA’s Recognized Exploited Vulnerabilities (KEV) catalog presently lists 5 TP-Hyperlink flaws exploited in assaults lately, however all of them affect wi-fi routers and vary extenders.

However, hackers usually exploit vulnerabilities in different digital camera manufacturers within the wild, making it necessary for organizations to not ignore the just lately disclosed flaw. 

Associated: No Patches for Vulnerabilities Permitting Cognex Industrial Digicam Hacking

Associated: Essential Vulnerabilities Patched in TP-Hyperlink’s Omada Gateways

Associated: CISA Warns of Avtech Digicam Vulnerability Exploited in Wild

Security Week News Tags:, , , , , , ,

Related Posts

Exploited ‘Post SMTP’ Plugin Flaw Exposes WordPress Sites to Takeover  Exploited ‘Post SMTP’ Plugin Flaw Exposes WordPress Sites to Takeover  Security Week News
Over 73,000 WatchGuard Firebox Devices Impacted by Recent Critical Flaw Over 73,000 WatchGuard Firebox Devices Impacted by Recent Critical Flaw Security Week News
New ‘Broadside’ Botnet Poses Risk to Shipping Companies New ‘Broadside’ Botnet Poses Risk to Shipping Companies Security Week News
Webinar Today: Why Context is a Secret Weapon in Application Security Posture Management Webinar Today: Why Context is a Secret Weapon in Application Security Posture Management Security Week News
Vulnerability Allowed Scraping of 3.5 Billion WhatsApp Accounts Vulnerability Allowed Scraping of 3.5 Billion WhatsApp Accounts Security Week News
Customer Service Firm 5CA Denies Responsibility for Discord Data Breach Customer Service Firm 5CA Denies Responsibility for Discord Data Breach Security Week News