CVE-2025-15557
Improper Certificate Validation in TP-Link Tapo Enables Data Manipulation
Publication date: 2026-02-05
Last updated on: 2026-02-12
Assigner: TPLink
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tp-link | tapo_h100_firmware | to 1.6.1 (exc) |
| tp-link | tapo_p100_firmware | to 1.2.6 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15557 is an Improper Certificate Validation vulnerability found in TP-Link Tapo H100 v1 and Tapo P100 v1 devices.
This flaw allows an on-path attacker who is on the same network segment to intercept and modify encrypted communications between the device and the cloud.
As a result, the confidentiality and integrity of device-to-cloud communication can be compromised, enabling the attacker to manipulate device data or operations.
How can this vulnerability impact me?
This vulnerability can lead to a man-in-the-middle attack where an attacker intercepts and alters the encrypted communication between your TP-Link device and the cloud.
Such interception and modification can compromise the confidentiality and integrity of your device data.
Consequently, the attacker may manipulate device data or operations, potentially causing unauthorized control or disruption of your device.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves an on-path attacker intercepting and modifying encrypted communications between TP-Link Tapo H100 v1 or Tapo P100 v1 devices and the cloud. Detection would involve monitoring network traffic for signs of man-in-the-middle attacks or unexpected certificate validation failures.
Specific commands or tools to detect this vulnerability are not provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, users should update their TP-Link Tapo H100 v1 devices to firmware version 1.6.1 or later, and Tapo P100 v1 devices to firmware version 1.2.6 or later.
Firmware updates are available on TP-Link's official support websites for the respective devices.
Failure to update leaves devices exposed to potential man-in-the-middle attacks that can compromise confidentiality and integrity of device-to-cloud communications.
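To apply the version thresholds above across a device inventory, the following added example (not from this page or from TP-Link) classifies each device against the fixed firmware versions. The inventory rows, device names, and the "Build ... Rel. ..." firmware string layout are constructed assumptions.

```python
import re

# Fixed firmware versions stated in this advisory (hardware revision v1 only).
FIXED = {("H100", "v1"): (1, 6, 1), ("P100", "v1"): (1, 2, 6)}


def parse_version(text):
    """Return the leading dotted version as an int tuple, or None if absent."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def triage(model, hw_rev, firmware):
    """Classify a device: 'vulnerable', 'patched', 'not-listed' or 'unknown'."""
    key = (model.strip().upper().replace("TAPO ", ""), hw_rev.strip().lower())
    fixed = FIXED.get(key)
    if fixed is None:
        return "not-listed"  # model/revision is not named in this advisory
    version = parse_version(firmware)
    if version is None:
        return "unknown"  # unreadable version: never assume it is patched
    # Tuple comparison is numeric, so 1.10.0 correctly sorts after 1.6.1.
    return "vulnerable" if version < fixed else "patched"


# Constructed sample inventory: (name, model, hardware revision, firmware).
INVENTORY = [
    ("hub-hall", "Tapo H100", "v1", "1.5.22 Build 20240101 Rel. 11111"),
    ("hub-lab", "Tapo H100", "v1", "1.10.0 Build 20260101 Rel. 22222"),
    ("plug-desk", "Tapo P100", "v1", "1.2.6 Build 20260101 Rel. 33333"),
    ("plug-rack", "Tapo P100", "v1", "n/a"),
    ("plug-door", "Tapo P110", "v1", "1.0.0"),
]


def report(inventory):
    """Map each device name to its triage status."""
    return {name: triage(model, hw, fw) for name, model, hw, fw in inventory}


if __name__ == "__main__":
    for name, status in report(INVENTORY).items():
        print(f"{name:10} {status}")
```

Devices reported as `unknown` need a manual firmware check before they are treated as patched.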