CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Vulnerabilities

TP-Link Patches Vulnerability Exposing VIGI Cameras to Remote Hacking

The researcher who discovered the vulnerability saw more than 2,500 internet-exposed devices. The post TP-Link Patches Vulnerability Exposing VIGI Cameras to Remote Hacking appeared first on SecurityWeek.

TP-Link vulnerabilities

TP-Link has patched a serious vulnerability that can be exploited to take control of more than 32 of its VIGI C and VIGI InSight series professional surveillance camera models.

The security hole, tracked as CVE-2026-0629 and classified as high severity, is described in a TP-Link advisory published last week as an authentication bypass flaw affecting the password recovery feature in the cameras’ local web interface.

The flaw, according to TP-Link, “allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state”, enabling them to gain full admin access to the device.

The vulnerability was discovered by Arko Dhar, co-founder and CTO of IoT cybersecurity company Redinent Innovations.  

Dhar told SecurityWeek that an attacker could exploit the vulnerability to gain complete access to the targeted camera, including its video feed and other functionality. 

The researcher warned that the flaw can be exploited remotely and noted that at the time of discovery in October 2025 he had identified more than 2,500 internet-exposed cameras worldwide that may have been vulnerable to attacks. 

However, he only looked for instances of a single affected camera model. The actual number of exposed devices across all impacted models may be much higher. 

TP-Link’s VIGI cameras are used by organizations in over 36 countries and regions, primarily in Europe, Southeast Asia, and the Americas.

It’s not uncommon for threat actors to target TP-Link products in their attacks. CISA’s Known Exploited Vulnerabilities (KEV) catalog currently lists five TP-Link flaws exploited in attacks in recent years, but they all impact wireless routers and range extenders.

Nevertheless, hackers often exploit vulnerabilities in other camera brands in the wild, making it important for organizations not to ignore the recently disclosed flaw. 

Related: No Patches for Vulnerabilities Allowing Cognex Industrial Camera Hacking

Related: Critical Vulnerabilities Patched in TP-Link’s Omada Gateways

Related: CISA Warns of Avtech Camera Vulnerability Exploited in Wild

Latest News

CYBERNEWSMEDIAPublisher