TP-Link Router Flaw Allows Auth Bypass Via Password Recovery Mechanism

A critical security flaw in TP-Link’s VIGI surveillance cameras allows attackers on local networks to change admin passwords without permission. CVE-2026-0629 identifies a critical flaw in the camera’s web interface password recovery, rated 8.7 on the CVSS v4.0 scale.

The authentication bypass issue arises from incorrect client-side state handling in the password recovery function. Attackers on the LAN can exploit this weakness to reset the admin password without verification, gaining full access to the device.

The vulnerability can be easily exploited by anyone with LAN access, as it doesn’t need elevated privileges, user interaction, or network attacks. Attackers can easily compromise confidentiality, integrity, and availability through nearby network access.

Attackers can exploit vulnerabilities in VIGI cameras to gain full control, allowing them to change settings and disable security features.

Affected Products and Mitigations:

Product Series	Models	Fixed Version
VIGI Cx45	C345, C445	≥ 3.1.0 Build 250820 Rel.57668n
VIGI Cx55	C355, C455	≥ 3.1.0 Build 250820 Rel.58873n
VIGI Cx85	C385, C485	≥ 3.0.2 Build 250630 Rel.71279n
VIGI C340S	C340S	≥ 3.1.0 Build 250625 Rel.65381n
VIGI C540S	C540S, EasyCam C540S	≥ 3.1.0 Build 250625 Rel.66601n
VIGI InSight Sx45	S245, S345, S445	≥ 3.1.0 Build 250820 Rel.57668n
VIGI InSight Sx55	S355, S455	≥ 3.1.0 Build 250820 Rel.58873n

Complete patch details for all affected products can be found on TP-Link’s official support channels. TP-Link has released firmware updates for all affected devices to fix vulnerabilities. Organizations should download and install the latest versions right away from the Download Center.