Tapo
This hub aggregates every CVE we track for Tapo, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 10
- Critical: 1
- High: 2
- In CISA KEV: 0
Severity distribution
- MEDIUM: 5
- LOW: 2
- HIGH: 2
- CRITICAL: 1
Monthly trend
[Chart: monthly CVE counts, 2024-07 to 2026-06]
Latest CVEs
The 10 most recently published vulnerabilities affecting Tapo.
- CVE-2025-9293: Insufficient Certificate Validation in Multiple Mobile Applications Allows Man in the Middle Interception (score 9.6)
- CVE-2025-9292: Permissive Web Security Policy Allows Cross-Origin Access Control Bypass on Omada Cloud Controllers (score 2.4)
- CVE-2025-4975: Tapo privilege escalation on shared devices using notifications (score 3.3)
- CVE-2024-31340: TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypte... (score 4.8)
- CVE-2023-27098: TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel. (score 7.5)
- CVE-2023-34829: Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. (score 6.5)
- CVE-2023-38907: An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages en... (score 7.5)
- CVE-2023-38909: An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive infor... (score 6.5)
- CVE-2023-38908: An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive infor... (score 6.5)
- CVE-2023-38906: An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensi... (score 6.5)
Product normalization is registry-driven with AI assist and human review.