TP-Link VIGI Cameras Authentication Bypass Vulnerability in Password Recovery Feature
Vulnerability
An authentication bypass has been identified in the password recovery feature of the local web interface across various VIGI camera models. An attacker on the local area network (LAN) can manipulate client-side state to reset the admin password without proper verification. As a result, attackers can gain full administrative access to the device, compromising both configuration and network security.
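The bug class described above, a reset handler that trusts client-held state, shown beside a handler that consults only state the server recorded itself. This is an added, generic illustration and not TP-Link firmware code; the class, the method names, the `verified` request field and the sample password are hypothetical.

```python
import hmac
import secrets
import time


class RecoveryFlow:
    """Generic password-recovery backend (hypothetical, not VIGI firmware)."""
    TTL_SECONDS = 300

    def __init__(self):
        self.admin_password = "initial-admin-pw"  # constructed sample value
        self._sessions = {}  # token -> recovery state held on the server

    def start(self):
        """Open a recovery session; the code would be delivered out of band."""
        token = secrets.token_urlsafe(16)
        code = f"{secrets.randbelow(10**6):06d}"
        self._sessions[token] = {"code": code, "verified": False,
                                 "expires": time.monotonic() + self.TTL_SECONDS}
        return token, code  # code is returned only so the example can run

    def _live(self, token):
        s = self._sessions.get(token)
        if s is None or time.monotonic() > s["expires"]:
            self._sessions.pop(token, None)  # unknown or expired session
            return None
        return s

    def verify(self, token, code):
        s = self._live(token)
        if s and hmac.compare_digest(s["code"].encode(), str(code).encode()):
            s["verified"] = True  # recorded server-side, never sent to client
        return bool(s and s["verified"])

    def reset_vulnerable(self, request):
        # Flawed: the "verified" flag arrives from the client and is trusted.
        if request.get("verified"):
            self.admin_password = request["new_password"]
            return True
        return False

    def reset_hardened(self, request):
        # The decision uses only what the server itself recorded in verify().
        s = self._live(request.get("token"))
        if s is None or not s["verified"]:
            return False
        del self._sessions[request["token"]]  # token is single-use
        self.admin_password = request["new_password"]
        return True
```

A production flow would also limit verification attempts per session, which is left out here to keep the example short.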
Impact
Exploitation of this vulnerability allows attackers to gain full administrative access to the affected VIGI cameras, enabling them to manipulate device configurations and potentially compromise network security.
Remediation
Users are advised to update to the latest firmware version available for their specific VIGI camera model. Firmware updates can be downloaded from the TP-Link VIGI Download Center.
