Request a Demo
Rewterz
5 Chrome Extensions Hijacking HR and ERP Systems
January 19, 2026
Rewterz
Critical Oracle WebLogic Proxy Flaw Allows Server Compromise
January 21, 2026

TP-Link Password Recovery Bug Enables Authentication Bypass

Severity

High

Analysis Summary

A critical authentication vulnerability, CVE-2026-0629, has been identified in TP-Link’s VIGI surveillance camera lineup, enabling attackers on local networks to reset administrative credentials without authorization. The flaw resides in the password recovery feature of the camera’s web interface and is classified as high severity. Exploitation requires no elevated privileges, user interaction, or network-level attacks, making it trivially accessible to any user connected to the same LAN. The vulnerability arises from improper client-side state manipulation, allowing attackers to bypass authentication and gain full administrative access.

Successful exploitation of this flaw allows adversaries to modify camera configurations, disable security controls, access recorded footage, and potentially use compromised devices as pivot points for lateral network movement. This poses a significant risk to organizations relying on VIGI cameras for critical surveillance infrastructure, impacting confidentiality, integrity, and availability of sensitive surveillance data. The attack vector is adjacent network (LAN) with low complexity, yet high potential impact, emphasizing the urgency of mitigation.

The vulnerability affects an extensive range of products, including 28 distinct VIGI camera series such as the Cx45, Cx55, Cx85, C340S, C540S, and InSight series. TP-Link has released firmware updates addressing the issue, with patched versions starting from Build 250625 to 250820, depending on the model. Organizations must immediately deploy these updates across all affected devices to prevent unauthorized access and potential operational disruption. Complete patch information is available via TP-Link’s region-specific support portals.

Given the ease of exploitation and widespread impact, CVE-2026-0629 represents a critical security risk for any deployment of TP-Link VIGI cameras. Immediate action is necessary to maintain network security posture, prevent unauthorized administrative access, and safeguard sensitive surveillance operations. Until the firmware is updated, all affected devices remain vulnerable, and TP-Link assumes no liability for incidents arising from failure to implement the recommended patches.

Impact

  • Gain Access

Indicators of Compromise

CVE

  • CVE-2026-0629

Affected Vendors

TP-Link

Remediation

  • Update firmware immediately.
  • Ensure all devices are running the updated firmware and confirm successful installation
  • Limit access to the cameras from untrusted or unauthorized devices on the local network until patched
  • Reset all administrative passwords to strong, unique values after applying firmware updates
  • Monitor network activity for unusual behavior, including configuration changes or unauthorized access attempts
  • Inform relevant personnel about the vulnerability and enforce security best practices for local network access
  • Continuously check TP-Link support portals for future firmware patches and security advisories