Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-0629
PUBLISHED
More InfoOfficial Page
Assigner-TPLink
Assigner Org ID-f23511db-6c3e-4e32-a477-6aa17d310630
View Known Exploited Vulnerability (KEV) details
Published At-16 Jan, 2026 | 17:24
Updated At-21 Jan, 2026 | 17:53
Rejected At-
▼CVE Numbering Authority (CNA)
Authentication Bypass in Password Recovery Feature via Local Web App on Multiple VIGI Cameras

Authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state. Attackers can gain full administrative access to the device, compromising configuration and network security.

Affected Products
Vendor
TP-Link Systems Inc.
Product
VIGI InSight Sx45 Series (S245/S345/S445)
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 3.1.0_Build_250820_Rel.57668n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI Cx45 Series (C345/C445)
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 3.1.0_Build_250820_Rel.57668n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI InSight Sx55 Series (S355/S455)
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 3.1.0_Build_250820_Rel.58873n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI Cx55 Series (C355/C455)
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 3.1.0_Build_250820_Rel.58873n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI InSight Sx85 Series (S285/S385)
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 3.0.2_Build_250630_Rel.71279n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI Cx85 Series (C385/C485)
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 3.0.2_Build_250630_Rel.71279n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI InSight S655I
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 1.1.1_Build_250625_Rel.64224n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI InSight Sx45ZI Series (S245ZI/S345ZI/S445ZI)
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 1.2.0_Build_250820_Rel.60930n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI InSight Sx85PI Series (S385PI/S485PI)
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 1.2.0_Build_250827_Rel.66817n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI C340S
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 3.1.0_Build_250625_Rel.65381n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI C540S / EasyCam C540S
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 3.1.0_Build_250625_Rel.66601n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI C540V
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 2.1.0_Build_250702_Rel.54300n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI C250
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 2.1.0_Build_250702_Rel.54301n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI Cx50 Series (C350/C450)
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 2.1.0_Build_250702_Rel.54294n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI Cx20I 1.0 Series (C220I 1.0/C320I 1.0/C420I 1.0)
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 2.1.0_Build_251014_Rel.58331n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI Cx20I 1.20 Series (C220I 1.20/C320I 1.20/C420I 1.20)
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 2.1.0_Build_250701_Rel.44071n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI Cx30I 1.0 Series (C230I 1.0/C330I 1.0/C430I 1.0)
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 2.1.0_Build_250701_Rel.45506n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI Cx30I 1.20 Series (C230I 1.20/C330I 1.20/C430I 1.20)
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 2.1.0_Build_250701_Rel.44555n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI Cx40I 1.0 Series (C240I 1.0/C340I 1.0/C440I 1.0)
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 2.1.0_Build_250701_Rel.46003n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI Cx40I 1.20 Series (C240I 1.20/C340I 1.20/C440I 1.20)
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 2.1.0_Build_250701_Rel.45041n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI Cx30 1.0 Series (C230 1.0/C330 1.0/C430 1.0)
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 2.1.0_Build_250701_Rel.46796n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI Cx30 1.20 Series (C230 1.20/C330 1.20/C430 1.20)
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 2.1.0_Build_250701_Rel.46796n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI C230I Mini
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 2.1.0_Build_250701_Rel.47570n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI C240 1.0
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 2.1.0_Build_250701_Rel.48425n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI C340 2.0
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 2.1.0_Build_250701_Rel.49304n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI C440 2.0
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 2.1.0_Build_250701_Rel.49778n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI C540 2.0
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 2.1.0_Build_250701_Rel.50397n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI C540-4G
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 2.2.0_Build_250826_Rel.56808n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI C340-W 2.x Series (C340-W 2.0/C340-W 2.20)
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 2.1.1_Build_250717_Rel.66528n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI C440-W 2.0
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 2.1.1_Build_250717_Rel.66632n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI C540-W 2.0
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 2.1.1_Build_250717_Rel.67730n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI InSight S345-4G
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 2.1.0_Build_250725_Rel.36867n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI InSight Sx25 Series (S225/S325/S425)
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 1.1.0_Build_250630_Rel.39597n (custom)
Vendor
TP-Link Systems Inc.
Product
VIGI Cx20 Series (C320/C420)
Modules
  • Web app
Default Status
unaffected
Versions
Affected
  • From 0 before 2.1.0_Build_250701_Rel.39597n (custom)
Problem Types
TypeCWE IDDescription
CWECWE-287CWE-287 Improper Authentication
Type: CWE
CWE ID: CWE-287
Description: CWE-287 Improper Authentication
Metrics
VersionBase scoreBase severityVector
4.08.7HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-207CAPEC-207 Removing Important Client Functionality
CAPEC ID: CAPEC-207
Description: CAPEC-207 Removing Important Client Functionality
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.vigi.com/us/support/download/
patch
https://www.vigi.com/en/support/download/
patch
https://www.vigi.com/in/support/download/
patch
https://www.tp-link.com/us/support/faq/4906/
vendor-advisory
Hyperlink: https://www.vigi.com/us/support/download/
Resource:
patch
Hyperlink: https://www.vigi.com/en/support/download/
Resource:
patch
Hyperlink: https://www.vigi.com/in/support/download/
Resource:
patch
Hyperlink: https://www.tp-link.com/us/support/faq/4906/
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found