QwikSec

Security Database

CVE

CWE

Training

CVE-2025-15557

Published: Feb 5, 2026

Modified: Feb 5, 2026

PUBLISHED

Description

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication, enabling manipulation of device data or operations.

Vendor	Product	Versions
TP-Link Systems Inc.	Tapo H100 v1	affected `0 - < 1.6.1`
TP-Link Systems Inc.	Tapo P100 v1	affected `0 - < 1.2.6`

Weaknesses (CWE)

References

https://www.tp-link.com/us/support/download/tapo-h100/

patch

https://www.tp-link.com/us/support/download/tapo-p100/

patch

https://www.tp-link.com/en/support/download/tapo-h100/

patch

https://www.tp-link.com/en/support/download/tapo-p100/

patch

https://www.tp-link.com/us/support/faq/4949/

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.