Vulnerability Description
An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication, enabling manipulation of device data or operations.
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| TP-Link | Tapo H100 Firmware | < 1.6.1 |
| TP-Link | Tapo H100 | 1.0 |
| TP-Link | Tapo P100 Firmware | < 1.2.6 |
| TP-Link | Tapo P100 | 1.0 |
Related Weaknesses (CWE)
References
- https://www.tp-link.com/en/support/download/tapo-h100/ (Product)
- https://www.tp-link.com/en/support/download/tapo-p100/ (Product)
- https://www.tp-link.com/us/support/download/tapo-h100/ (Product)
- https://www.tp-link.com/us/support/download/tapo-p100/ (Product)
- https://www.tp-link.com/us/support/faq/4949/ (Vendor Advisory)
FAQ
What is CVE-2025-15557?
CVE-2025-15557 is a vulnerability with a CVSS score of 8.8 (HIGH). An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communic...
How severe is CVE-2025-15557?
CVE-2025-15557 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-15557?
Check the references section above for vendor advisories and patch information. Affected products include: TP-Link Tapo H100 Firmware, TP-Link Tapo H100, TP-Link Tapo P100 Firmware, TP-Link Tapo P100.