Vulnerability Management, IoT, Patch/Configuration Management, Privacy

TP-Link patches critical vulnerability in VIGI cameras

(Adobe Stock)

As reported by Security Affairs, TP-Link has addressed a critical security flaw, CVE-2026-0629, impacting over 32 models of its VIGI C and VIGI InSight professional surveillance cameras, which could have allowed remote attackers to gain full control.

The vulnerability, with a CVSS score of 8.7, allowed attackers on a local network to bypass authentication in the password recovery feature. By manipulating client-side state, an attacker could reset the administrator password without verification, granting them complete administrative access. Researcher Arko Dhar identified over 2,500 internet-exposed vulnerable cameras in October 2025, noting this number is likely higher as only one model was checked. The VIGI line is marketed toward business and enterprise users.

Exploitation of this flaw could lead to significant security breaches, including unauthorized access to live and recorded video, potential spying, and lateral movement within corporate networks. The compromise of CCTV systems raises concerns about data privacy, regulatory compliance, and the potential for disruption of business operations.

Source: Security Affairs

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds