
Description

An attacker may obtain root access by connecting to the UART port. Exploiting this vulnerability requires physical access to the device. This issue affects Tapo D230S1 V1.20: before 1.2.2 Build 20250907.

PUBLISHED Reserved 2025-09-25 | Published 2025-09-30 | Updated 2025-09-30 | Assigner TPLink




HIGH: 7.0 (CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

Product status

Default status: unaffected

Any version before 1.2.2 Build 20250907: affected

Credits

Simon Söderberg, Andreas Lindström, and Johan Klingström of JAS Project (finder)

References

www.tp-link.com/en/support/faq/4693/ (vendor-advisory)

cve.org (CVE-2025-10991)

nvd.nist.gov (CVE-2025-10991)
