Key Takeaways
1. TP-Link has reported a security vulnerability in over 60 Vigi security camera models, posing a risk of unauthorized access.
2. Attackers can potentially bypass authentication in the password recovery function, allowing them to reset the admin password and gain full control of the cameras.
3. The vulnerability has been rated as high risk, with a CVSS score of 8.7 out of 10.
4. Affected models include the Vigi Cx40-W series, Vigi Cx40I (versions 1.0 and 1.20), and Vigi InSight Sx45ZI series.
5. TP-Link has released firmware updates to fix the issue and urges affected users to update their devices promptly.
TP-Link has announced a security concern regarding several of its security cameras. In a recent post on the company’s website, it mentioned over 60 Vigi models designed for business, which may be exposed to potential attacks.
Vulnerability Details
TP-Link explained that attackers might be able to evade the authentication steps in the password recovery function, which could permit them to reset the admin password. This means that the attacker could obtain complete access to the Vigi camera, putting your security at risk. Utilizing the Common Vulnerability Scoring System (CVSS) v4.0, TP-Link has classified this issue as high risk, assigning it a score of 8.7 out of 10.
Affected Models
The list of impacted TP-Link security cameras encompasses the Vigi Cx40-W series, the Vigi Cx40I (versions 1.0 and 1.20), as well as the Vigi InSight Sx45ZI series (notably, Vigi Insight S445ZI is currently priced at $209.59 on Amazon Marketplace). A full inventory of affected models can be accessed on the company’s support page.
Solutions Offered
To address this issue, TP-Link has put out several firmware updates for the Vigi security cameras. These updates are available in the company’s Download Center, where you can look up your specific model. TP-Link urges users who are affected to take action promptly.
Source:
Link