{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14300", "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "state": "PUBLISHED", "assignerShortName": "TPLink", "dateReserved": "2025-12-08T22:05:13.804Z", "datePublished": "2025-12-20T00:43:39.476Z", "dateUpdated": "2026-04-03T21:39:17.347Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "shortName": "TPLink", "dateUpdated": "2026-04-03T21:39:17.347Z"}, "title": "Unauthenticated Access to connectAP API Endpoint on Tapo C100 and C200", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "affected": [{"vendor": "TP-Link Systems Inc.", "product": "Tapo C200 V3", "modules": ["ONVIF Server"], "versions": [{"status": "affected", "version": "0", "lessThan": "V3_1.4.5 Build 251104", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "TP Link Systems Inc.", "product": "Tapo C100 v5", "versions": [{"status": "affected", "version": "0", "lessThan": "V5_1.4.4 Build 260303", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device\u2019s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service (DoS).", "supportingMedia": [{"type": "text/html", "base64": false, "value": "The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device\u2019s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service (DoS).<br>"}]}], "references": [{"url": "https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes", "tags": ["patch"]}, {"url": "https://www.tp-link.com/us/support/faq/4849/", "tags": ["vendor-advisory"]}, {"url": "https://www.tp-link.com/en/support/download/tapo-c100/v5/#Firmware-Release-Notes", "tags": ["patch"]}, {"url": "https://www.tp-link.com/us/support/download/tapo-c100/v5/#Firmware-Release-Notes", "tags": ["patch"]}, {"url": "https://www.tp-link.com/en/support/download/tapo-c200/v3/#Firmware-Release-Notes", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "Simone Margaritelli (evilsocket)", "type": "finder"}, {"lang": "en", "value": "Azim Javed of CRAC Learning", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-22T16:11:04.458399Z", "id": "CVE-2025-14300", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-22T16:12:08.247Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14300", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-22T16:11:04.458399Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-22T16:11:17.850Z"}}], "cna": {"title": "Unauthenticated Access to connectAP API Endpoint on Tapo C100 and C200", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Simone Margaritelli (evilsocket)"}, {"lang": "en", "type": "finder", "value": "Azim Javed of CRAC Learning"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TP-Link Systems Inc.", "modules": ["ONVIF Server"], "product": "Tapo C200 V3", "versions": [{"status": "affected", "version": "0", "lessThan": "V3_1.4.5 Build 251104", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "TP Link Systems Inc.", "product": "Tapo C100 v5", "versions": [{"status": "affected", "version": "0", "lessThan": "V5_1.4.4 Build 260303", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes", "tags": ["patch"]}, {"url": "https://www.tp-link.com/us/support/faq/4849/", "tags": ["vendor-advisory"]}, {"url": "https://www.tp-link.com/en/support/download/tapo-c100/v5/#Firmware-Release-Notes", "tags": ["patch"]}, {"url": "https://www.tp-link.com/us/support/download/tapo-c100/v5/#Firmware-Release-Notes", "tags": ["patch"]}, {"url": "https://www.tp-link.com/en/support/download/tapo-c200/v3/#Firmware-Release-Notes", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device\u2019s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service (DoS).", "supportingMedia": [{"type": "text/html", "value": "The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device\u2019s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service (DoS).<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "shortName": "TPLink", "dateUpdated": "2026-04-03T21:39:17.347Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14300", "state": "PUBLISHED", "dateUpdated": "2026-04-03T21:39:17.347Z", "dateReserved": "2025-12-08T22:05:13.804Z", "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "datePublished": "2025-12-20T00:43:39.476Z", "assignerShortName": "TPLink"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.3:build_230228:*:*:*:*:*:*", "matchCriteriaId": "CABD8DE6-9904-499D-919F-9DBD42BE6762", "vulnerable": true}, {"criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.4:build_230424:*:*:*:*:*:*", "matchCriteriaId": "254031B5-7CC7-4B9D-970B-FAA6EBC3EAFD", "vulnerable": true}, {"criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.5:build_230717:*:*:*:*:*:*", "matchCriteriaId": "9D61B481-8262-44D4-9A1D-9967AB1805DC", "vulnerable": true}, {"criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.7:build_230920:*:*:*:*:*:*", "matchCriteriaId": "50D2F368-F8C8-41E1-9360-8CDF9F89E566", "vulnerable": true}, {"criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.9:build_231019:*:*:*:*:*:*", "matchCriteriaId": "EF80958C-4274-4DEA-9730-176E3E6F21F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.11:build_231115:*:*:*:*:*:*", "matchCriteriaId": "7AA1B7FA-D418-46B2-A530-BF67E550E38F", "vulnerable": true}, {"criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.13:build_240327:*:*:*:*:*:*", "matchCriteriaId": "DC4382B5-C7EC-4B98-AF28-8D08D0771133", "vulnerable": true}, {"criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.14:build_240513:*:*:*:*:*:*", "matchCriteriaId": "1FCE1F5E-E84B-4CF4-B8A4-7A3448A0D127", "vulnerable": true}, {"criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.15:build_240715:*:*:*:*:*:*", "matchCriteriaId": "C05AC5C2-5BB7-499A-AE2B-414103317D47", "vulnerable": true}, {"criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.4.1:build_241212:*:*:*:*:*:*", "matchCriteriaId": "C1ED28D6-9441-440A-81D8-EB539D50BB56", "vulnerable": true}, {"criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.4.2:build_250313:*:*:*:*:*:*", "matchCriteriaId": "51E28752-8B46-48CD-86B5-437449AED7C0", "vulnerable": true}, {"criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.4.4:build_250922:*:*:*:*:*:*", "matchCriteriaId": "ECBC265E-2AA6-471E-A7BE-8F35DDA28645", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:tapo_c200:3:*:*:*:*:*:*:*", "matchCriteriaId": "101FA54E-1A3D-4A38-BBD0-8DAFAC414EA3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device\u2019s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service (DoS)."}], "id": "CVE-2025-14300", "lastModified": "2026-04-03T22:16:24.980", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "type": "Secondary"}]}, "published": "2025-12-20T01:16:03.133", "references": [{"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://www.tp-link.com/en/support/download/tapo-c100/v5/#Firmware-Release-Notes"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://www.tp-link.com/en/support/download/tapo-c200/v3/#Firmware-Release-Notes"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://www.tp-link.com/us/support/download/tapo-c100/v5/#Firmware-Release-Notes"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Release Notes"], "url": "https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Vendor Advisory"], "url": "https://www.tp-link.com/us/support/faq/4849/"}], "sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T20:19:27.501246+00:00", "value": {"mitigation_remediation": ["Update the firmware on all Tapo C100 v5 and Tapo C200 V3 devices to a version that includes the connectAP authentication fix, as announced by TP\u2011Link on their support site.", "Until a patch is applied, block or limit access to the device\u2019s HTTPS service on the local network, for example by using a firewall or VLAN to isolate the smart\u2011home devices from untrusted hosts.", "If immediate patching or network isolation is not possible, consider disabling the connectAP functionality through device settings or by using a local network firewall rule that drops traffic to the specific API endpoint.", "Monitor the device\u2019s logs or network traffic for unexpected calls to the connectAP endpoint and alert on any unauthorized activity."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Affected devices are TP\u2011Link Tapo C100 v5 and TP\u2011Link Tapo C200 V3. Additional firmware versions may be impacted, but the current report does not list specific firmware revisions beyond the product model and nominal release. Information about the exact firmware build numbers that are vulnerable is not supplied.", "description_and_impact": "The vulnerability consists of an unauthenticated HTTPS endpoint named connectAP on the Tapo C100 and C200 devices. Without proper authentication, an attacker on the same local network can invoke the API to change the device\u2019s Wi\u2011Fi configuration. The change can cause the device to disconnect from the network, effectively denying access to the smart\u2011home functionality. The flaw is identified as CWE\u2011306, a missing authentication weakness.", "risk_and_exploitability": "The CVSS score of 8.7 places the weakness in the high range, and the EPSS score of less than 1% indicates that the likelihood of exploitation is low at present. The vulnerability is not listed in the CISA KEV catalog, suggesting no known exploited instances. The attack vector is inferred to be local\u2011network based, as the exploit requires the attacker to be on the same LAN segment as the device. Once the endpoint is accessed, the attacker can modify Wi\u2011Fi settings and render the device unreachable, causing an outage for any services that rely on it."}}}}, "created": "2025-12-21T21:12:28.235195+00:00", "updated": "2026-04-22T20:30:26.769428+00:00", "vendors": ["tp-link", "tp-link$PRODUCT$tapo", "tp-link$PRODUCT$tapo_c200", "tp-link$PRODUCT$tapo_c200_v3"]}