CVE-2025-14553 - Vulnerability Details - OpenCVE

Exposure of password hashes through an unauthenticated API response in TP-Link Tapo C210 V.1.8 app on iOS and Android, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains unchanged.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://apps.apple.com/us/app/tp-link-tapo/id1472718009
https://play.google.com/store/apps/details?id=com.tplink.iot
https://www.tp-link.com/us/support/faq/4840/

History

Tue, 16 Dec 2025 18:45:00 +0000

Type	Values Removed	Values Added
Description		Exposure of password hashes through an unauthenticated API response in TP-Link Tapo C210 V.1.8 app on iOS and Android, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains unchanged.
Title		Password Hash Leak Could Lead to Unauthorized Access on Tapo 210 via Local Network
Weaknesses		CWE-200
References		https://apps.apple.com/us/app/tp-link-tapo/id1472718009 https://play.google.com/store/apps/details?id=com.tplink.iot https://www.tp-link.com/us/support/faq/4840/
Metrics		cvssV4_0 `{'score': 7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: TPLink

Published: 2025-12-16T18:38:08.805Z

Updated: 2025-12-16T19:10:54.148Z

Reserved: 2025-12-11T22:58:26.015Z

Link: CVE-2025-14553

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-16T19:15:54.307

Modified: 2025-12-16T19:15:54.307

Link: CVE-2025-14553

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14553", "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "state": "PUBLISHED", "assignerShortName": "TPLink", "dateReserved": "2025-12-11T22:58:26.015Z", "datePublished": "2025-12-16T18:38:08.805Z", "dateUpdated": "2025-12-16T19:10:54.148Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Application"], "platforms": ["Android"], "product": "Tapo C210", "vendor": "TP-Link Systems Inc.", "versions": [{"lessThan": "3.1.6", "status": "affected", "version": "0", "versionType": "3.1.6"}]}, {"defaultStatus": "unaffected", "modules": ["Application"], "platforms": ["iOS"], "product": "Tapo C210", "vendor": "TP-Link Systems Inc.", "versions": [{"lessThan": "3.1.601", "status": "affected", "version": "0", "versionType": "3.1.601"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Juraj Ny\u00edri"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Exposure of password hashes through an unauthenticated API response in TP-Link Tapo C210 V.1.8 app on iOS and Android, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains unchanged."}], "value": "Exposure of password hashes through an unauthenticated API response in TP-Link Tapo C210 V.1.8 app on iOS and Android, allowing attackers to brute force the password in the local network.\u00a0Issue can be mitigated through mobile application updates. Device firmware remains unchanged."}], "impacts": [{"capecId": "CAPEC-55", "descriptions": [{"lang": "en", "value": "CAPEC-55 Rainbow Table Password Cracking"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "baseScore": 7, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "shortName": "TPLink", "dateUpdated": "2025-12-16T18:38:08.805Z"}, "references": [{"url": "https://apps.apple.com/us/app/tp-link-tapo/id1472718009"}, {"url": "https://play.google.com/store/apps/details?id=com.tplink.iot"}, {"url": "https://www.tp-link.com/us/support/faq/4840/"}], "source": {"discovery": "UNKNOWN"}, "title": "Password Hash Leak Could Lead to Unauthorized Access on Tapo 210 via Local Network", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-16T19:09:57.442313Z", "id": "CVE-2025-14553", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-16T19:10:54.148Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of password hashes through an unauthenticated API response in TP-Link Tapo C210 V.1.8 app on iOS and Android, allowing attackers to brute force the password in the local network.\u00a0Issue can be mitigated through mobile application updates. Device firmware remains unchanged."}], "id": "CVE-2025-14553", "lastModified": "2025-12-16T19:15:54.307", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "type": "Secondary"}]}, "published": "2025-12-16T19:15:54.307", "references": [{"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://apps.apple.com/us/app/tp-link-tapo/id1472718009"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://play.google.com/store/apps/details?id=com.tplink.iot"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://www.tp-link.com/us/support/faq/4840/"}], "sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "type": "Secondary"}]}