PatchSiren cyber security CVE debrief
CVE-2026-0629 TP-Link Systems Inc. CVE debrief
CVE-2026-0629 is a high-severity authentication bypass in the password recovery feature of TP-Link VIGI cameras’ local web interface. According to the CISA CSAF advisory, an attacker on the LAN can manipulate client-side state to reset the admin password without verification and then obtain full administrative access. TP-Link and CISA list firmware updates as the primary remediation, and the advisory was first published on 2026-02-05 with a metadata correction on 2026-02-11.
- Vendor
- TP-Link Systems Inc.
- Product
- VIGI Cx45 Series Models C345, C445
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-05
- Original CVE updated
- 2026-02-11
- Advisory published
- 2026-02-05
- Advisory updated
- 2026-02-11
Who should care
Organizations that operate TP-Link VIGI cameras, especially teams managing devices reachable from internal LANs. Network administrators, physical security teams, and integrators should prioritize this if camera web interfaces are exposed to broad internal access.
Technical summary
The advisory describes an authentication bypass in the password recovery flow of the cameras’ local web interface. The attacker model is adjacent-network (LAN) access: by manipulating client-side state, the attacker can reset the administrator password without verification. That leads to full administrative control of the device, with potential impact to configuration integrity and network security. The supplied CVSS vector is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, scored 8.8 (High).
Defensive priority
High. Treat as an urgent firmware-and-access-control issue because a LAN attacker can take over administration of affected cameras without prior credentials.
Recommended defensive actions
- Inventory TP-Link VIGI devices and compare them to the affected model list in the CSAF advisory.
- Apply the latest firmware from the TP-Link regional download center referenced in the advisory as soon as feasible.
- Restrict camera management interfaces to trusted hosts or a dedicated management VLAN; avoid broad LAN reachability where possible.
- Review administrator passwords and camera recovery settings after updating, and check for unexpected configuration changes.
- Monitor for unauthorized password resets or admin account changes on affected cameras.
- Use CISA’s ICS recommended practices and defense-in-depth guidance to reduce exposure around network-connected cameras.
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-26-036-01 and its revision history. The source metadata lists 32 affected product names across multiple VIGI series, while the description highlights the password recovery issue and LAN attacker model. The remediation text in the advisory directs users to install the latest firmware and provides regional download links plus a TP-Link FAQ advisory page.
Official resources
-
CVE-2026-0629 CVE record
CVE.org
-
CVE-2026-0629 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed by CISA in CSAF advisory ICSA-26-036-01 on 2026-02-05, with a revision on 2026-02-11 that corrected metadata and the vendor reference. This debrief uses the published advisory timeline, not generation time.