CVE-2025-1099

Feb. 14, 2025, 12:15 p.m.

None
No Score

Description

This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and man in the middle attacks on the targeted device.

Product(s) Impacted

Product Versions
TP-Link Tapo C500
  • V1
  • V2

Weaknesses

CWE-321
Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0017

Tags

CWE-321
vdisclose@cert-in.org.in
2025-02-10
CVE-2025-1099

Date

  • Published: Feb. 10, 2025, 11:15 a.m.
  • Last Modified: Feb. 14, 2025, 12:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

vdisclose@cert-in.org.in

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.