<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>TP-Link on taszk.io labs</title>
    <link>https://labs.taszk.io/articles/tags/tp-link/</link>
    <description>Recent content in TP-Link on taszk.io labs</description>
    <generator>Hugo -- gohugo.io</generator>
    <language>en</language><atom:link href="https://labs.taszk.io/articles/tags/tp-link/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>TAPOcalypse Now: Exploiting TP-Link Smart Devices From Anywhere</title>
      <link>https://labs.taszk.io/articles/post/tapocalypse/</link>
      <pubDate>Tue, 28 Apr 2026 00:00:00 +0000</pubDate>
      
      <guid>https://labs.taszk.io/articles/post/tapocalypse/</guid>
      <description>Summary: Following our hacking of Xiaomi home security cameras, we have decided to look at another market-dominating vendor in our region, TP-LINK. In this post, we describe the major findings from our review of new generation TAPO security cameras:
a pre-auth RCE stack BOF that can be exploited not only from the LAN but also from the WAN as a browser exploit,
a severe authentication bypass vulnerability that allows the exploitation of 10+ post-auth and RCE-able vulnerabilities that we also identified in the HTTP and ONVIF server implementations (all patched in TP-Link’s April advisories), including a heap BOF that we also fully exploited for RCE,
another authentication bypass vulnerability similar to the previous; this vulnerability remains unpatched today, with an advisory promised for April 20th, but it did not happen,
a cryptographic design weakness that can enable a full cloud account compromise just from network access to one TP-LINK device of the cloud account; this vulnerability also remains unpatched today, with a patch promised for May.
All told, in the worst case, our findings would enable an attacker to go from a victim visiting a malicious link via browser from within the same LAN as their TP-LINK smart camera, to full takeover of every TP-LINK smart device connected to the cloud account of the user.</description>
    </item>
    
  </channel>
</rss>
