QwikSec

Security Database

CVE

CWE

Training

CVE-2025-14300

Published: Dec 20, 2025

Modified: Apr 3, 2026

PUBLISHED

Description

The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device’s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service (DoS).

Vendor	Product	Versions
TP-Link Systems Inc.	Tapo C200 V3	affected `0 - < V3_1.4.5 Build 251104`
TP Link Systems Inc.	Tapo C100 v5	affected `0 - < V5_1.4.4 Build 260303`

Weaknesses (CWE)

References

https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes

patch

https://www.tp-link.com/us/support/faq/4849/

vendor-advisory

https://www.tp-link.com/en/support/download/tapo-c100/v5/#Firmware-Release-Notes

patch

https://www.tp-link.com/us/support/download/tapo-c100/v5/#Firmware-Release-Notes

patch

https://www.tp-link.com/en/support/download/tapo-c200/v3/#Firmware-Release-Notes

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.