Primary

Context

TP-Link Tapo App Privilege Escalation Vulnerability on Shared Devices

Vulnerability

Patched

A privilege escalation vulnerability has been identified in the TP-Link Tapo app for Android, version 3.10.513 and prior. When a low battery notification is received on a shared device, tapping the notification allows the user to access and modify the device's power settings. This issue arises because the notification system bundles various alerts together, creating a potential oversight in managing critical device settings.

Impact

Exploitation of this vulnerability allows a user with limited privileges to gain full access to the power settings of a shared device.

Remediation

Users are advised to update to the latest version of the TP-Link Tapo app for Android, version 3.10.513 or above, to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

2.5

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

2.5

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TP-Link Tapo App Privilege Escalation Vulnerability on Shared Devices

Vulnerability

Impact

Remediation

Affected Products

TP-Link Tapo

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating