CVE-2025-10991
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-10991, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-09-30

Last updated on: 2025-10-02

Assigner: TPLink

Description

The attacker may obtain root access by connecting to the UART port and this vulnerability requires the attacker to have the physical access to the device. This issue affects Tapo D230S1 V1.20: before 1.2.2 Build 20250907.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-09-30
Last Modified
2025-10-02
Generated
2026-07-06
AI Q&A
2025-09-30
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
tp-link tapo_d230s1 v1.20

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects the TP-Link Tapo D230S1 device (version V1.20 before firmware 1.2.2 Build 20250907). An attacker with physical access to the device can connect to the UART port and gain root access, allowing full control over the device as the root user. [1]

Impact Analysis

If exploited, this vulnerability allows an attacker with physical access to gain root-level control over the device, potentially compromising its confidentiality, integrity, and availability. This means the attacker can fully control the device, which could lead to unauthorized access, manipulation, or disruption of device functions. [1]

Detection Guidance

This vulnerability requires physical access to the device and involves connecting to the UART port to gain root access. Detection on the network or system remotely is not applicable since the attack vector is physical. There are no specific commands provided to detect this vulnerability remotely or on the network.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the TP-Link Tapo D230S1 device firmware to version 1.2.2 Build 20250907 or later, as this firmware update addresses and fixes the issue. Users should follow the official update instructions provided by TP-Link to ensure the device is no longer vulnerable. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10991. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart