Click to skip the navigation bar
Search Online store
Search Online store Menu

Security Advisory on Improper Certificate Validation in TP-Link Tapo H100 and P100 Allows Man-in-the-Middle Attack (CVE-2025-15557)

Security Advisory
Updated 02-05-2026 17:44:02 PM Number of views for this article88

Vulnerability and Impact Description:

CVE-2025-15557:

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication, enabling manipulation of device data or operations.

CVSS v4.0 Score: 7.5 / High

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products/Versions and Fixes:

Affected Product Model

Affected Version

Tapo H100 v1

< 1.6.1

Tapo P100 v1

< 1.2.6

Recommendations:

We strongly recommend that users with affected devices take the following actions:

  1. Follow the instructions to update to the latest firmware version to fix the vulnerabilities.

EN: https://www.tp-link.com/en/support/download/tapo-h100/

https://www.tp-link.com/en/support/download/tapo-p100/

US: https://www.tp-link.com/us/support/download/tapo-h100/

https://www.tp-link.com/us/support/download/tapo-p100/

Disclaimer:

If you do not take all recommended actions, this vulnerability will remain. TP-Link cannot bear any responsibility for consequences that could have been avoided by following this advisory.

Is this faq useful?

Your feedback helps improve this site.

Community

TP-Link Community

Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.

Visit the Community >

This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy .

Your Privacy Choices

This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy .

These cookies are necessary for the website to function and cannot be deactivated in your systems.

Analysis cookies enable us to analyze your activities on our website in order to improve and adapt the functionality of our website.

The marketing cookies can be set through our website by our advertising partners in order to create a profile of your interests and to show you relevant advertisements on other websites.