CVE-2026-0629

high

Description

Authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state. Attackers can gain full administrative access to the device, compromising configuration and network security.

References

https://www.vigi.com/us/support/download/

https://www.vigi.com/in/support/download/

https://www.vigi.com/en/support/download/

https://www.tp-link.com/us/support/faq/4899/

Details

Source: Mitre, NVD

Published: 2026-01-16

Updated: 2026-01-16

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 8.7

Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: High