Description

Authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state. Attackers can gain full administrative access to the device, compromising configuration and network security.

INFO

Published Date :

2026-01-16T17:24:39.370Z

Last Modified :

2026-01-21T17:53:30.225Z

Source :

TPLink
AFFECTED PRODUCTS

The following products are affected by CVE-2026-0629 vulnerability.

Vendors Products
Tp-link
  • Vigi C230i Mini
  • Vigi C240
  • Vigi C250
  • Vigi C340
  • Vigi C340s
  • Vigi C440
  • Vigi C540
  • Vigi C540-4g
  • Vigi C540s
  • Vigi C540v
  • Vigi Cx20 Series
  • Vigi Cx20i 1.0 Series
  • Vigi Cx20i 1.20 Series
  • Vigi Cx30 1.0 Series
  • Vigi Cx30 1.20 Series
  • Vigi Cx30i 1.0 Series
  • Vigi Cx30i 1.20 Series
  • Vigi Cx40i 1.0 Series
  • Vigi Cx40i 1.20 Series
  • Vigi Cx45 Series
  • Vigi Cx50 Series
  • Vigi Cx55 Series
  • Vigi Cx85 Series
  • Vigi Insight S345-4g
  • Vigi Insight S655i
  • Vigi Insight Sx25 Series
  • Vigi Insight Sx45 Series
  • Vigi Insight Sx45zi Series
  • Vigi Insight Sx55 Series
  • Vigi Insight Sx85 Series
  • Vigi Insight Sx85pi Series
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-0629.

URL Resource
https://www.tp-link.com/us/support/faq/4906/ cve-icon cve-icon
https://www.vigi.com/en/support/download/ cve-icon cve-icon
https://www.vigi.com/in/support/download/ cve-icon cve-icon
https://www.vigi.com/us/support/download/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability