Exposure of password hashes through an unauthenticated API response in TP-Link Tapo C210 V.1.8 app on iOS and Android, allowing attackers to brute for

APPLICATION

FIRMWARE

MOBILE

16-12-2025 19:33

CVE-2025-14553 Vulnerabilidad documentada

Sin puntuación

Tags

#change

#android

#mobile

#firmware

#application

#attackers

#authenticated

#pass

#password

#issue

#brute force

#allow

#attack

Descripción

Exposure of password hashes through an unauthenticated API response in TP-Link Tapo C210 V.1.8 app on iOS and Android, allowing attackers to brute force the local network. Issue can be mitigated mobile application updates. Device firmware remains unchanged.

https://apps.apple.com/us/app/tp-link-tapo/id1472718009

https://play.google.com/store/apps/details?id=com.tplink.iot

https://www.tp-link.com/us/support/faq/4840/

Referencia

Link externo

Ver detalles

Fuente

https://nvd.nist.gov/vuln/detail/CVE-2025-14553

Resultados similares

Coincidentes en almenos en 50% de los tags

16-12-2025 CVE-2023-53898
Rukovoditel 3.4.1 contains a stored cross-site scripting vulnerabilities that allow authenticat...
Ver información

16-12-2025 CVE-2023-53896
D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allow...
Ver información