Vulnerability Description
The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device’s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service (DoS).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| TP-Link | Tapo C200 Firmware | 1.3.3 |
| TP-Link | Tapo C200 | 3 |
Related Weaknesses (CWE)
References
- https://www.tp-link.com/en/support/download/tapo-c100/v5/#Firmware-Release-Notes
- https://www.tp-link.com/en/support/download/tapo-c200/v3/#Firmware-Release-Notes
- https://www.tp-link.com/us/support/download/tapo-c100/v5/#Firmware-Release-Notes
- https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes (Release Notes)
- https://www.tp-link.com/us/support/faq/4849/ (Vendor Advisory)
FAQ
What is CVE-2025-14300?
CVE-2025-14300 is a vulnerability with a CVSS score of 8.1 (HIGH). The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device’s Wi-...
How severe is CVE-2025-14300?
CVE-2025-14300 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-14300?
Check the references section above for vendor advisories and patch information. Affected products include: TP-Link Tapo C200 Firmware, TP-Link Tapo C200.