SpirityCVE

Authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state. Attackers can gain full administrative access to the device, compromising configuration and network security.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Tp-link	Vigi C230i Mini Vigi C240 Vigi C250 Vigi C340 Vigi C340s Vigi C440 Vigi C540 Vigi C540-4g Vigi C540s Vigi C540v Vigi Cx20 Series Vigi Cx20i 1.0 Series Vigi Cx20i 1.20 Series Vigi Cx30 1.0 Series Vigi Cx30 1.20 Series Vigi Cx30i 1.0 Series Vigi Cx30i 1.20 Series Vigi Cx40i 1.0 Series Vigi Cx40i 1.20 Series Vigi Cx45 Series Vigi Cx50 Series Vigi Cx55 Series Vigi Cx85 Series Vigi Insight S345-4g Vigi Insight S655i Vigi Insight Sx25 Series Vigi Insight Sx45 Series Vigi Insight Sx45zi Series Vigi Insight Sx55 Series Vigi Insight Sx85 Series Vigi Insight Sx85pi Series

No data.

References

Link	Providers
https://www.spirityenterprise.com/virtual-ciso
https://www.tp-link.com/us/support/faq/4906/
https://www.vigi.com/en/support/download/
https://www.vigi.com/in/support/download/
https://www.vigi.com/us/support/download/

History

Fri, 23 Jan 2026 16:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tp-link Tp-link vigi C230i Mini Tp-link vigi C240 Tp-link vigi C250 Tp-link vigi C340 Tp-link vigi C340s Tp-link vigi C440 Tp-link vigi C540 Tp-link vigi C540-4g Tp-link vigi C540s Tp-link vigi C540v Tp-link vigi Cx20 Series Tp-link vigi Cx20i 1.0 Series Tp-link vigi Cx20i 1.20 Series Tp-link vigi Cx30 1.0 Series Tp-link vigi Cx30 1.20 Series Tp-link vigi Cx30i 1.0 Series Tp-link vigi Cx30i 1.20 Series Tp-link vigi Cx40i 1.0 Series Tp-link vigi Cx40i 1.20 Series Tp-link vigi Cx45 Series Tp-link vigi Cx50 Series Tp-link vigi Cx55 Series Tp-link vigi Cx85 Series Tp-link vigi Insight S345-4g Tp-link vigi Insight S655i Tp-link vigi Insight Sx25 Series Tp-link vigi Insight Sx45 Series Tp-link vigi Insight Sx45zi Series Tp-link vigi Insight Sx55 Series Tp-link vigi Insight Sx85 Series Tp-link vigi Insight Sx85pi Series
Vendors & Products		Tp-link Tp-link vigi C230i Mini Tp-link vigi C240 Tp-link vigi C250 Tp-link vigi C340 Tp-link vigi C340s Tp-link vigi C440 Tp-link vigi C540 Tp-link vigi C540-4g Tp-link vigi C540s Tp-link vigi C540v Tp-link vigi Cx20 Series Tp-link vigi Cx20i 1.0 Series Tp-link vigi Cx20i 1.20 Series Tp-link vigi Cx30 1.0 Series Tp-link vigi Cx30 1.20 Series Tp-link vigi Cx30i 1.0 Series Tp-link vigi Cx30i 1.20 Series Tp-link vigi Cx40i 1.0 Series Tp-link vigi Cx40i 1.20 Series Tp-link vigi Cx45 Series Tp-link vigi Cx50 Series Tp-link vigi Cx55 Series Tp-link vigi Cx85 Series Tp-link vigi Insight S345-4g Tp-link vigi Insight S655i Tp-link vigi Insight Sx25 Series Tp-link vigi Insight Sx45 Series Tp-link vigi Insight Sx45zi Series Tp-link vigi Insight Sx55 Series Tp-link vigi Insight Sx85 Series Tp-link vigi Insight Sx85pi Series

Wed, 21 Jan 2026 18:30:00 +0000

Type	Values Removed	Values Added
References	https://www.tp-link.com/us/support/faq/4899/

Wed, 21 Jan 2026 18:15:00 +0000

Type	Values Removed	Values Added
References		https://www.tp-link.com/us/support/faq/4906/

Fri, 16 Jan 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 16 Jan 2026 17:30:00 +0000

Type	Values Removed	Values Added
Description		Authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state. Attackers can gain full administrative access to the device, compromising configuration and network security.
Title		Authentication Bypass in Password Recovery Feature via Local Web App on Multiple VIGI Cameras
Weaknesses		CWE-287
References		https://www.tp-link.com/us/support/faq/4899/ https://www.vigi.com/en/support/download/ https://www.vigi.com/in/support/download/ https://www.vigi.com/us/support/download/
Metrics		cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: TPLink

Published: 2026-01-16T17:24:39.370Z

Updated: 2026-01-21T17:53:30.225Z

Reserved: 2026-01-06T00:07:04.905Z

Link: CVE-2026-0629

Vulnrichment

Updated: 2026-01-16T17:38:44.636Z

NVD

Status : Received

Published: 2026-01-16T18:16:09.190

Modified: 2026-01-21T18:16:24.643

Link: CVE-2026-0629

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object