TP-Link has patched a critical vulnerability that can be exploited to take control of more than 32 of its VIGI C and VIGI InSight series professional surveillance camera models.
The security hole, tracked as CVE-2026-0629 and rated high severity, is described in a TP-Link advisory published last week as an authentication bypass flaw affecting the password recovery feature in the cameras’ local web interface.
The flaw, according to TP-Link, “permits an attacker on the LAN to reset the admin password without verification by manipulating client-side state”, enabling them to gain full admin access to the device.
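The advisory's wording points to a recovery flow in which the result of the verification step is held on the client. The example below is added here for illustration and is not code from the advisory or the camera firmware; the class, field names and recovery code are hypothetical. It contrasts a reset handler that trusts a client-sent flag with one that keeps verification state on the server.

```python
import hmac
import secrets
import time

RESET_TTL = 300  # seconds a verified reset session stays valid (assumed value)


class ResetFlow:
    """Toy password-recovery backend; every name here is hypothetical."""

    def __init__(self, recovery_code):
        self._recovery_code = recovery_code
        self._password = "initial"
        self._verified = {}  # server-side state: reset token -> expiry time

    def verify(self, code):
        """Step 1: check the recovery code and record success on the server."""
        if not hmac.compare_digest(code.encode(), self._recovery_code.encode()):
            return None
        token = secrets.token_urlsafe(32)
        self._verified[token] = time.monotonic() + RESET_TTL
        return token

    def reset_weak(self, request):
        """Flawed step 2: believes a 'verified' field supplied by the client."""
        if request.get("verified") is True:
            self._password = request["new_password"]
            return True
        return False

    def reset_hardened(self, request):
        """Step 2: accepts only an unexpired token issued by step 1, once."""
        token = request.get("token")
        if not isinstance(token, str):
            return False
        expiry = self._verified.pop(token, None)  # pop makes the token single-use
        if expiry is None or time.monotonic() > expiry:
            return False
        self._password = request["new_password"]
        return True

    def check_password(self, candidate):
        return hmac.compare_digest(candidate.encode(), self._password.encode())
```

The hardened handler ignores every client-supplied claim about verification and consults only the server-side table, so skipping step 1 leaves nothing to present in step 2.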
The vulnerability was discovered by Arko Dhar, co-founder and CTO of IoT cybersecurity firm Redinent Innovations.
Dhar told SecurityWeek that an attacker could exploit the vulnerability to gain full access to the targeted camera, including its video feed and other functionality.
The researcher warned that the flaw can be exploited remotely and noted that at the time of discovery in October 2025 he had identified more than 2,500 internet-exposed cameras worldwide that may have been vulnerable to attacks.
However, he only looked for instances of a single affected camera model. The actual number of exposed devices across all impacted models may be much higher.
TP-Link’s VIGI cameras are used by organizations in over 36 countries and regions, primarily in Europe, Southeast Asia, and the Americas.
It’s not uncommon for threat actors to target TP-Link products in their attacks. CISA’s Known Exploited Vulnerabilities (KEV) catalog currently lists 5 TP-Link flaws exploited in attacks recently, but all of them impact wireless routers and range extenders.
On the other hand, hackers often exploit vulnerabilities in other camera brands in the wild, making it important for organizations not to ignore the recently disclosed flaw.
