Volerion logoVolerion
Volerion logoVolerion

TP-Link Tapo H100 and P100 Improper Certificate Validation Vulnerability Allowing Man-in-the-Middle Attack

Vulnerability

A vulnerability allowing improper certificate validation has been identified in the TP-Link Tapo H100 v1 and Tapo P100 v1. This vulnerability allows an on-path attacker on the same network segment to intercept and modify encrypted communications between the devices and the cloud. As a result, the confidentiality and integrity of the data exchanged can be compromised, potentially leading to unauthorized manipulation of device information or control.

Impact

Exploitation of this vulnerability could allow an attacker to intercept and alter encrypted communications between the affected devices and the cloud, leading to unauthorized changes in device data or operations.

Remediation

Users are advised to update to the latest firmware version. Instructions for downloading the updated firmware are available on the TP-Link support pages for both the Tapo H100 and Tapo P100.

Added: Feb 5, 2026, 7:19 PM
Updated: Feb 5, 2026, 9:08 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
5.4
exploitability
4.0
remediation
7.7
relevance
2.5
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.