Primary

Context

TP-Link Tapo H200 V1 IoT Smart Hub Wi-Fi Credentials Information Disclosure Vulnerability

Vulnerability

An information disclosure vulnerability exists in the TP-Link Tapo H200 V1 IoT Smart Hub, specifically in firmware versions through 1.4.0. The issue arises from Wi-Fi credentials being stored in plain text within the device's firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve the unencrypted Wi-Fi credentials.

Impact

Exploitation of this vulnerability could lead to unauthorized access to the user's Wi-Fi network by exposing the stored Wi-Fi credentials.

Remediation

Users are advised to upgrade the TP-Link Tapo H200 IoT Smart Hub to firmware version 1.5.0 or higher.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TP-Link Tapo H200 V1 IoT Smart Hub Wi-Fi Credentials Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating