Vulnerability Description
Authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state. Attackers can gain full administrative access to the device, compromising configuration and network security.
Related Weaknesses (CWE)
References
- https://www.tp-link.com/us/support/faq/4906/
- https://www.vigi.com/en/support/download/
- https://www.vigi.com/in/support/download/
- https://www.vigi.com/us/support/download/
FAQ
What is CVE-2026-0629?
CVE-2026-0629 is a documented vulnerability. Authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by m...
How severe is CVE-2026-0629?
CVSS scoring is not yet available for CVE-2026-0629. Check NVD for updates.
Is there a patch for CVE-2026-0629?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.