TP-Link Tapo C500 Wi-Fi Camera Hard-Coded RSA Private Key Vulnerability Allowing Cryptographic Key Extraction
Vulnerability
A vulnerability exists in the TP-Link Tapo C500 Wi-Fi camera, specifically in version 1.1.4 Build 240506 Rel.39487n and earlier for V1, and version 1.0.2 Build 240605 Rel.32561n and earlier for V2. The issue arises from a hard-coded RSA private key embedded in the device firmware. An attacker with physical access could exploit this vulnerability to extract the private keys, which could then be used for impersonation, data decryption, and man-in-the-middle attacks on the affected device.
Impact
Exploitation of this vulnerability could lead to unauthorized access to cryptographic private keys, allowing for impersonation, interception and decryption of data, and potentially facilitating man-in-the-middle attacks on the device.
Remediation
Users are advised to upgrade the TP-Link Tapo C500 V1 to version 1.3.2 and the Tapo C500 V2 to version 1.0.6.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.