TP-Link Tapo Products Bluetooth Unencrypted Communication Vulnerability Allowing Unauthorized Control

Vulnerability

A vulnerability exists in TP-Link Tapo L535E (versions 1.0 and 3.0), Tapo P300 (version 1.0), and Tapo D100C (version 1.0). During initial setup, Bluetooth communication is sent in cleartext, without encryption. An attacker within Bluetooth range could exploit this using sniffing or man-in-the-middle techniques, potentially allowing eavesdropping on the communication, manipulation of setup data, and unauthorized control of the device.

Impact

Exploitation could lead to unauthorized control of the affected device during the Bluetooth initialization phase.

Remediation

Users are advised to update their devices to the latest firmware version that addresses this vulnerability. For Tapo L535E, version 1.4.1 Build 251016 is available for download on the TP-Link website. Tapo P300 users can download version 1.4.2 Build 251219. For the Tapo D100C chime, firmware can be updated through the Tapo app.

Added: May 28, 2026, 8:03 PM
Updated: May 28, 2026, 8:03 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 2.5
exploitability: 4.2
remediation: 7.7
relevance: 9.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.