CVE-2025-3442

April 9, 2025, 8:02 p.m.

None
No Score

Description

This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device.

Product(s) Impacted

Product Versions
tapo_h200
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-312
Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0072

Tags

CWE-312
vdisclose@cert-in.org.in
2025-04-09
CVE-2025-3442

Timeline

Published: April 9, 2025, 7:15 a.m.
Last Modified: April 9, 2025, 8:02 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

vdisclose@cert-in.org.in

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.