Security Advisory on Authentication Bypass in Password Recovery Feature via Local Web App on VIGI Cameras (CVE-2026-0629)
Vulnerability Description:
Authentication bypass in the password recovery feature of the local web interface in VIGI cameras allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state.
Impact:
Attackers can gain full administrative access to the device, compromising configuration and network security.
CVSS v4.0 Score: 8.7 / High
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products/Versions and Fixes:
| Affected Series | Models Included | Fixed in Version |
| --- | --- | --- |
| VIGI Cx45 | C345, C445 | ≥ 3.1.0 Build 250820 Rel.57668n |
| VIGI Cx55 | C355, C455 | ≥ 3.1.0 Build 250820 Rel.58873n |
| VIGI Cx85 | C385, C485 | ≥ 3.0.2 Build 250630 Rel.71279n |
| VIGI C340S | C340S | ≥ 3.1.0 Build 250625 Rel.65381n |
| VIGI C540S | C540S, EasyCam C540S | ≥ 3.1.0 Build 250625 Rel.66601n |
| VIGI C540V | C540V | ≥ 2.1.0 Build 250702 Rel.54300n |
| VIGI C250 | C250 | ≥ 2.1.0 Build 250702 Rel.54301n |
| VIGI Cx50 | C350, C450 | ≥ 2.1.0 Build 250702 Rel.54294n |
| VIGI Cx20I (1.0) | C220I 1.0, C320I 1.0, C420I 1.0 | ≥ 2.1.0 Build 251014 Rel.58331n |
| VIGI Cx20I (1.20) | C220I 1.20, C320I 1.20, C420I 1.20 | ≥ 2.1.0 Build 250701 Rel.44071n |
| VIGI Cx30I (1.0) | C230I 1.0, C330I 1.0, C430I 1.0 | ≥ 2.1.0 Build 250701 Rel.45506n |
| VIGI Cx30I (1.20) | C230I 1.20, C330I 1.20, C430I 1.20 | ≥ 2.1.0 Build 250701 Rel.44555n |
| VIGI Cx30 (1.0) | C230 1.0, C330 1.0, C430 1.0 | ≥ 2.1.0 Build 250701 Rel.46796n |
| VIGI Cx30 (1.20) | C230 1.20, C330 1.20, C430 1.20 | ≥ 2.1.0 Build 250701 Rel.46796n |
| VIGI Cx40I (1.0) | C240I 1.0, C340I 1.0, C440I 1.0 | ≥ 2.1.0 Build 250701 Rel.46003n |
| VIGI Cx40I (1.20) | C240I 1.20, C340I 1.20, C440I 1.20 | ≥ 2.1.0 Build 250701 Rel.45041n |
| VIGI C230I Mini | C230I Mini | ≥ 2.1.0 Build 250701 Rel.47570n |
| VIGI C240 1.0 | C240 1.0 | ≥ 2.1.0 Build 250701 Rel.48425n |
| VIGI C340 2.0 | C340 2.0 | ≥ 2.1.0 Build 250701 Rel.49304n |
| VIGI C440 2.0 | C440 2.0 | ≥ 2.1.0 Build 250701 Rel.49778n |
| VIGI C540 2.0 | C540 2.0 | ≥ 2.1.0 Build 250701 Rel.50397n |
| VIGI C540‑4G | C540‑4G | ≥ 2.2.0 Build 250826 Rel.56808n |
| VIGI Cx40‑W | C340‑W 2.0/2.20, C440‑W 2.0, C540‑W 2.0 | ≥ 2.1.1 Build 250717 |
| VIGI Cx20 | C320, C420 | ≥ 2.1.0 Build 250701 Rel.39597n |
| VIGI InSight Sx45 | S245, S345, S445 | ≥ 3.1.0 Build 250820 Rel.57668n |
| VIGI InSight Sx55 | S355, S455 | ≥ 3.1.0 Build 250820 Rel.58873n |
| VIGI InSight Sx85 | S285, S385 | ≥ 3.0.2 Build 250630 Rel.71279n |
| VIGI InSight Sx45ZI | S245ZI, S345ZI, S445ZI | ≥ 1.2.0 Build 250820 Rel.60930n |
| VIGI InSight Sx85PI | S385PI, S485PI | ≥ 1.2.0 Build 250827 Rel.66817n |
| VIGI InSight S655I | S655I | ≥ 1.1.1 Build 250625 Rel.64224n |
| VIGI InSight S345‑4G | S345‑4G | ≥ 2.1.0 Build 250725 Rel.36867n |
| VIGI InSight Sx25 | S225, S325, S425 | ≥ 1.1.0 Build 250630 Rel.39597n |
Recommendations:
We strongly recommend that users with affected devices take the following actions:
- Download and update to the latest firmware version to fix the vulnerabilities.
IN: Download Center | TP-Link India
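To find which cameras in an inventory still need the update, the fixed-version table can be checked mechanically. This is an added example, not TP-Link's code: it assumes devices report firmware in the same `x.y.z Build NNNNNN Rel.NNNNNn` form the table uses and that releases order by version and then build number. `FIXED_IN`, `patch_status` and the inventory rows are illustrative names and constructed data.

```python
import re

# Minimum fixed firmware per model, copied from the advisory table.
# Only a few rows are shown; add the rest for a real inventory.
FIXED_IN = {
    "C345": "3.1.0 Build 250820 Rel.57668n",
    "C485": "3.0.2 Build 250630 Rel.71279n",
    "C540-4G": "2.2.0 Build 250826 Rel.56808n",
    "C440-W 2.0": "2.1.1 Build 250717",  # this row lists no Rel field
}
FW_RE = re.compile(r"(\d+(?:\.\d+)+)\s+Build\s+(\d{6})(?:\s+Rel\.(\d+)n?)?")

def parse_firmware(text):
    """Split '3.1.0 Build 250820 Rel.57668n' into (version tuple, build, rel)."""
    m = FW_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    version = tuple(int(part) for part in m.group(1).split("."))
    rel = int(m.group(3)) if m.group(3) else None
    return version, int(m.group(2)), rel

def patch_status(model, running):
    """Return 'fixed', 'vulnerable' or 'unknown' for one inventory entry."""
    # The advisory prints some model names with U+2011 (non-breaking hyphen).
    fixed = FIXED_IN.get(model.replace("\u2011", "-").strip())
    if fixed is None:
        return "unknown"  # model not in the table: check the advisory by hand
    try:
        have, want = parse_firmware(running), parse_firmware(fixed)
    except ValueError:
        return "unknown"
    # Assumption: releases order by version, then by the six-digit build number.
    if have[:2] != want[:2]:
        return "fixed" if have[:2] > want[:2] else "vulnerable"
    # Same version and build: only an identical (or unlisted) Rel is a sure match.
    return "fixed" if want[2] is None or have[2] == want[2] else "unknown"

# Constructed inventory rows: (model, firmware string as reported by the device).
INVENTORY = [
    ("C345", "3.1.0 Build 250820 Rel.57668n"),
    ("C485", "3.0.1 Build 250301 Rel.40000n"),
    ("C540\u20114G", "2.2.1 Build 251001 Rel.10000n"),
    ("C440-W 2.0", "2.1.1 Build 250717"),
]

if __name__ == "__main__":
    for model, fw in INVENTORY:
        print(f"{model:12} {fw:32} {patch_status(model, fw)}")
```

Entries reported as `unknown` (a model missing from the table, an unparsable string, or a matching build with a different `Rel` value) should be compared against the advisory by hand rather than assumed patched.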
Disclaimer:
If you do not take all recommended actions, this vulnerability will remain. TP-Link cannot bear any responsibility for consequences that could have been avoided by following this advisory.