CVE-2025-14553

Vulnerability Description

Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains unchanged.

Related Weaknesses (CWE)

CWE-200

References

https://apps.apple.com/us/app/tp-link-tapo/id1472718009
https://play.google.com/store/apps/details?id=com.tplink.iot
https://www.tp-link.com/us/support/faq/4840/

FAQ

What is CVE-2025-14553?

CVE-2025-14553 is a documented vulnerability. Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network. Issue ...

How severe is CVE-2025-14553?

CVSS scoring is not yet available for CVE-2025-14553. Check NVD for updates.

Is there a patch for CVE-2025-14553?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.