QwikSec

Security Database

CVE

CWE

Training

CVE-2025-1099

Published: Feb 10, 2025

Modified: Feb 14, 2025

PUBLISHED

Description

This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and man in the middle attacks on the targeted device.

Vendor	Product	Versions
TP-Link	Tapo C500 V1 Wi-Fi Camera	affected `<=1.1.4`
TP-Link	Tapo C500 V2 Wi-Fi Camera	affected `<=1.0.2`

Weaknesses (CWE)

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0017

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.