TP-Link Systems Inc. VIGI Series IP Camera

Plan Patch | CVSS 8.8 | ICS-CERT ICSA-26-036-01 | Feb 5, 2026
Attack path
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

TP-Link VIGI Series IP cameras contain an authentication bypass vulnerability (CWE-287) that allows unauthorized users to gain administrative access without valid credentials. The vulnerability affects 34 camera models and series, including VIGI Cx45, Cx55, Cx85, C540S, C540V, C250, Cx50, Cx20I, Cx30I, Cx30, Cx40I, C230I Mini, C240, C340, C440, C540, C540-4G, Cx40-W, Cx20, InSight Sx45, Sx55, Sx85, Sx45ZI, Sx85PI, S655I, S345-4G, and Sx25 series. TP-Link indicates no firmware patches are currently available for any affected model.

What this means
What could happen
An attacker with access to the camera's network could gain administrative control of the VIGI camera without entering valid credentials, allowing them to alter video recording settings, disable recording, or redirect video streams.
Who's at risk
Security teams and facility managers responsible for VIGI closed circuit television (CCTV) systems should take action. This affects a broad range of TP-Link VIGI camera models including fixed dome cameras (C3xx, C4xx, C5xx series), turret cameras, and mini cameras deployed in building security, traffic monitoring, parking lot surveillance, and perimeter monitoring applications in municipal utilities, water authorities, and other critical infrastructure facilities.
How it could be exploited
An attacker on the same local network segment as the VIGI camera can send a crafted authentication bypass request to the camera's web interface or management port. The camera fails to properly validate authentication, granting the attacker administrative privileges without requiring credentials.
Prerequisites
  • Network access to the VIGI camera (typically TCP port 80 or 443 on the local network)
  • Camera must be powered on and connected to the network
  • No credentials required
Tags: remotely exploitable over local network, no authentication required, low complexity attack, no patch available yet, affects surveillance systems, broad product range
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (32)
32 pending
Product | Affected Versions | Fix Status
VIGI Cx45 Series Models C345, C445 | ≤ 3.1.0 Build 250820 Rel.57668n | No fix yet
VIGI Cx55 Series Models C355, C455 | ≤ 3.1.0 Build 250820 Rel.58873n | No fix yet
VIGI Cx85 Series Models C385, C485 | ≤ 3.0.2 Build 250630 Rel.71279n | No fix yet
VIGI C340S Series | ≤ 3.1.0 Build 250625 Rel.65381n | No fix yet
VIGI C540S Series Models C540S, EasyCam C540S | ≤ 3.1.0 Build 250625 Rel.66601n | No fix yet
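
An added example, not part of the advisory or any TP-Link tooling: a triage script that classifies a camera inventory against the "≤" firmware ceilings in the five table rows shown above. The inventory entries, the status labels, and the ordering rule (version, then build date, then Rel number) are assumptions made for the example.

```python
import re

# Ceilings copied from the five product rows shown in the advisory table.
CEILINGS = {
    "C345": "3.1.0 Build 250820 Rel.57668n",
    "C445": "3.1.0 Build 250820 Rel.57668n",
    "C355": "3.1.0 Build 250820 Rel.58873n",
    "C455": "3.1.0 Build 250820 Rel.58873n",
    "C385": "3.0.2 Build 250630 Rel.71279n",
    "C485": "3.0.2 Build 250630 Rel.71279n",
    "C340S": "3.1.0 Build 250625 Rel.65381n",
    "C540S": "3.1.0 Build 250625 Rel.66601n",
}

# Accepts both the spaced and the underscore form used in the advisory.
FW_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)[ _]Build[ _](\d{6})[ _]Rel\.(\d+)")

def fw_key(text):
    """Return (major, minor, patch, build, rel), or None if unparseable."""
    m = FW_RE.search(text or "")
    return tuple(int(g) for g in m.groups()) if m else None

def classify(model, firmware):
    """Classify one camera against the ceiling listed for its model."""
    tokens = (model or "").upper().split()   # "VIGI C345" -> "C345"
    ceiling = CEILINGS.get(tokens[-1]) if tokens else None
    if ceiling is None:
        return "model-not-in-table"          # not among the rows shown here
    key = fw_key(firmware)
    if key is None:
        return "unparsed-check-manually"     # never assume a camera is safe
    # Assumption: ordering is version, then build date, then Rel number.
    return "affected" if key <= fw_key(ceiling) else "above-ceiling"

def triage(inventory):
    return [(name, classify(model, fw)) for name, model, fw in inventory]

# Constructed inventory: names and firmware strings are sample values.
INVENTORY = [
    ("cam-lobby", "VIGI C345", "3.1.0 Build 250820 Rel.57668n"),
    ("cam-dock", "C485", "3.0.1_Build_250101_Rel.10000n"),
    ("cam-gate", "EasyCam C540S", "3.1.1 Build 251201 Rel.70000n"),
    ("cam-roof", "C999", "3.1.0 Build 250820 Rel.57668n"),
    ("cam-lab", "C355", "unknown"),
]

if __name__ == "__main__":
    for name, status in triage(INVENTORY):
        print(f"{name:10} {status}")
```

A result of "model-not-in-table" means only that the model is absent from the rows reproduced on this page, not that the camera is unaffected.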
Remediation & Mitigation
Do now
  • HARDENING: Implement network segmentation to isolate VIGI cameras on a separate VLAN with restricted access from administrative and operational networks
  • WORKAROUND: Apply firewall rules to limit access to VIGI camera management ports (typically 80, 443, 8080) to only authorized IP addresses or a dedicated camera management workstation
  • WORKAROUND: Disable remote access features (web interface access from outside the local network) on all VIGI cameras until a patch is available
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Monitor TP-Link VIGI support pages regularly for firmware updates; deploy updates to all affected camera models as soon as patches become available
  • HOTFIX: If firmware updates become available, schedule maintenance windows to update cameras to patched versions
API: /api/v1/advisories/0420413f-ff2c-49a6-98f2-5412bec40e6b
