Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-3442
PUBLISHED
More InfoOfficial Page
Assigner-CERT-In
Assigner Org ID-66834db9-ab24-42b4-be80-296b2e40335c
View Known Exploited Vulnerability (KEV) details
Published At-09 Apr, 2025 | 07:02
Updated At-11 Apr, 2025 | 05:33
Rejected At-
▼CVE Numbering Authority (CNA)
Information Disclosure Vulnerability in TP-Link Tapo IoT Smart Hub

This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device.

Affected Products
Vendor
TP-Link Systems Inc.TP-Link
Product
Tapo H200 V1 IoT Smart Hub
Default Status
unaffected
Versions
Affected
  • <=1.4.0
Problem Types
TypeCWE IDDescription
CWECWE-312CWE-312: Cleartext Storage of Sensitive Information
Type: CWE
CWE ID: CWE-312
Description: CWE-312: Cleartext Storage of Sensitive Information
Metrics
VersionBase scoreBase severityVector
4.04.4MEDIUM
CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
Version: 4.0
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-37CAPEC-37 Retrieve Embedded Sensitive Data
CAPEC ID: CAPEC-37
Description: CAPEC-37 Retrieve Embedded Sensitive Data
Solutions

Upgrade TP-Link Tapo H200 V1 IoT Smart Hub to firmware version 1.5.0 or higher http://download.tplinkcloud.com/firmware/H200-up-ver1-5-0-P1[20250221-rel59821]-signed_1740997558340... http://download.tplinkcloud.com/firmware/H200-up-ver1-5-0-P1[20250221-rel59821]-signed_1740997558340.bin

Configurations
Workarounds
Exploits
Credits
finder
This vulnerability is reported by Shravan Singh, Ganesh Bakare, and Abhinav Giridhar from Mumbai, India.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0072
third-party-advisory
Hyperlink: https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0072
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found