Login Sign Up

CVE-2022-37255

7.5 HIGH
Authentication Bypass

📋 TL;DR

This vulnerability allows unauthorized access to the RTSP video feed of TP-Link Tapo C310 cameras by using hardcoded credentials (User: ---, Password: TPL075526460603). Anyone with network access to these devices can view live video streams without authentication. This affects all TP-Link Tapo C310 devices running firmware version 1.3.0.

💻 Affected Systems

Products:
  • TP-Link Tapo C310
Versions: 1.3.0
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the vulnerable firmware version are affected regardless of configuration.

📦 What is this software?

Tapo C310 Firmware by Tp Link

View all CVEs affecting Tapo C310 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete loss of privacy as attackers can monitor all camera feeds, potentially leading to surveillance, blackmail, or physical security breaches.

🟠

Likely Case

Unauthorized individuals accessing live video feeds to monitor private spaces without detection.

🟢

If Mitigated

If cameras are isolated on internal networks with proper segmentation, impact is limited to internal network compromise.

🌐 Internet-Facing: HIGH - Devices exposed to the internet can be accessed by anyone globally using the hardcoded credentials.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could still access video feeds.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only network access and the hardcoded credentials. No special tools or skills needed beyond basic network connectivity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - check TP-Link for latest firmware

Vendor Advisory: https://www.tp-link.com/

Restart Required: Yes

Instructions:

1. Log into TP-Link Tapo app. 2. Navigate to device settings. 3. Check for firmware updates. 4. Apply any available updates. 5. Reboot camera after update.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate cameras on separate VLAN or network segment without internet access

Firewall Rules

linux

Block RTSP port (554) access from untrusted networks

iptables -A INPUT -p tcp --dport 554 -j DROP
iptables -A INPUT -p udp --dport 554 -j DROP

🧯 If You Can't Patch

  • Physically disconnect cameras from networks when not in use
  • Place cameras in areas where video feed exposure would have minimal privacy impact

🔍 How to Verify

Check if Vulnerable:

Attempt to access RTSP stream using VLC or similar tool with credentials User: ---, Password: TPL075526460603 at rtsp://[camera-ip]:554/stream1

Check Version:

Check firmware version in TP-Link Tapo app under device settings

Verify Fix Applied:

After update, attempt same access - should fail with authentication error

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts on RTSP service
  • Successful RTSP connections using hardcoded credentials

Network Indicators:

  • RTSP traffic on port 554 from unexpected sources
  • Authentication strings containing 'TPL075526460603' in network captures

SIEM Query:

source_port:554 AND (user:"---" OR password:"TPL075526460603")

📊 Metadata

CVE ID: CVE-2022-37255
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-798
Published: April 16, 2023
Last Updated: February 6, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-37255, you might also want to check these:

CVE-2025-20188 10.0

This critical vulnerability in Cisco IOS XE Wireless LAN Controllers allows unauthenticated remote a...

Same vulnerability type (CWE-798)
CVE-2026-22769 10.0

Dell RecoverPoint for Virtual Machines versions before 6.0.3.1 HF1 contain hardcoded credentials tha...

Same vulnerability type (CWE-798)
CVE-2021-0248 10.0

This vulnerability involves hard-coded credentials in Juniper Junos OS on NFX Series devices, allowi...

Same vulnerability type (CWE-798)