Summary: A new vulnerability in the TP-Link Tapo H200 V1 IoT Smart Hub allows attackers with physical access to extract stored Wi-Fi credentials, posing a risk of unauthorized network access. CERT-In has highlighted this issue in a vulnerability note, emphasizing the importance of firmware updates and physical security. Users are urged to take immediate action to mitigate risks associated with this vulnerability, rated medium in severity.
Affected: TP-Link Tapo H200 V1 Smart Hub
Keypoints :
- Vulnerability Type: Information Disclosure, identified as CVE-2025-3442.
- Attack requires physical access to exploit weak credential storage in firmware version 1.4.0 or earlier.
- Recommendations include firmware updates, restricting physical access, and monitoring network activity.
- Potential risks involve unauthorized access to the home network and control over connected devices.
Source: https://thecyberexpress.com/flaw-in-tp-link-tapo-h200-smart-hub/