As reported by Security Affairs, TP-Link has addressed a critical security flaw, CVE-2026-0629, impacting over 32 models of its VIGI C and VIGI InSight professional surveillance cameras, which could have allowed remote attackers to gain full control.The vulnerability, with a CVSS score of 8.7, allowed attackers on a local network to bypass authentication in the password recovery feature. By manipulating client-side state, an attacker could reset the administrator password without verification, granting them complete administrative access. Researcher Arko Dhar identified over 2,500 internet-exposed vulnerable cameras in October 2025, noting this number is likely higher as only one model was checked. The VIGI line is marketed toward business and enterprise users.Exploitation of this flaw could lead to significant security breaches, including unauthorized access to live and recorded video, potential spying, and lateral movement within corporate networks. The compromise of CCTV systems raises concerns about data privacy, regulatory compliance, and the potential for disruption of business operations.Source: Security Affairs
Vulnerability Management, IoT, Patch/Configuration Management, Privacy
TP-Link patches critical vulnerability in VIGI cameras

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



