Details of VAR-202512-2607

ID

VAR-202512-2607

CVE

CVE-2025-14300

TITLE

TP-LINK Technologies of tapo c200 Vulnerability related to lack of authentication for critical functions in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-024335

DESCRIPTION

The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device’s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service (DoS). However, all information handled by the software may be rewritten. Furthermore, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability do not affect other software

Trust: 1.62

sources: NVD: CVE-2025-14300 // JVNDB: JVNDB-2025-024335

AFFECTED PRODUCTS

vendor:	tp link	model:	tapo c200	scope:	eq	version:	1.3.4	Trust: 1.0
vendor:	tp link	model:	tapo c200	scope:	eq	version:	1.3.13	Trust: 1.0
vendor:	tp link	model:	tapo c200	scope:	eq	version:	1.3.5	Trust: 1.0
vendor:	tp link	model:	tapo c200	scope:	eq	version:	1.3.3	Trust: 1.0
vendor:	tp link	model:	tapo c200	scope:	eq	version:	1.3.15	Trust: 1.0
vendor:	tp link	model:	tapo c200	scope:	eq	version:	1.4.4	Trust: 1.0
vendor:	tp link	model:	tapo c200	scope:	eq	version:	1.3.9	Trust: 1.0
vendor:	tp link	model:	tapo c200	scope:	eq	version:	1.3.7	Trust: 1.0
vendor:	tp link	model:	tapo c200	scope:	eq	version:	1.3.11	Trust: 1.0
vendor:	tp link	model:	tapo c200	scope:	eq	version:	1.3.14	Trust: 1.0
vendor:	tp link	model:	tapo c200	scope:	eq	version:	1.4.1	Trust: 1.0
vendor:	tp link	model:	tapo c200	scope:	eq	version:	1.4.2	Trust: 1.0
vendor:	tp link	model:	tapo c200	scope:	eq	version:	tapo c200 firmware 1.3.14	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	eq	version:	tapo c200 firmware 1.4.1	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	eq	version:	tapo c200 firmware 1.3.7	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	eq	version:	tapo c200 firmware 1.4.4	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	eq	version:	tapo c200 firmware 1.3.3	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	eq	version:	tapo c200 firmware 1.3.5	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	eq	version:	-	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	eq	version:	tapo c200 firmware 1.3.4	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	eq	version:	tapo c200 firmware 1.3.11	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	eq	version:	tapo c200 firmware 1.3.15	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	eq	version:	tapo c200 firmware 1.3.9	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	eq	version:	tapo c200 firmware 1.3.13	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	eq	version:	tapo c200 firmware 1.4.2	Trust: 0.8

sources: JVNDB: JVNDB-2025-024335 // NVD: CVE-2025-14300

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2025-14300
value:	HIGH
Trust: 1.0
f23511db-6c3e-4e32-a477-6aa17d310630:	CVE-2025-14300
value:	HIGH
Trust: 1.0
NVD:	CVE-2025-14300
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2025-14300
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2025-14300
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-024335 // NVD: CVE-2025-14300 // NVD: CVE-2025-14300

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.0
problemtype:	Lack of authentication for critical features (CWE-306) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-024335 // NVD: CVE-2025-14300

PATCH

title:

Security Advisory on Vulnerabilities in Tapo C200 (CVE-2025-8065, CVE-2025-14299 & CVE-2025-14300) | TP-Link

url:

https://www.tp-link.com/us/support/faq/4849/

Trust: 0.8

sources: JVNDB: JVNDB-2025-024335

EXTERNAL IDS

db:	NVD	id:	CVE-2025-14300	Trust: 2.6
db:	JVNDB	id:	JVNDB-2025-024335	Trust: 0.8

sources: JVNDB: JVNDB-2025-024335 // NVD: CVE-2025-14300

REFERENCES

url:	https://www.tp-link.com/us/support/download/tapo-c200/v3/#firmware-release-notes	Trust: 1.8
url:	https://www.tp-link.com/us/support/faq/4849/	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-14300	Trust: 0.8

sources: JVNDB: JVNDB-2025-024335 // NVD: CVE-2025-14300

SOURCES

db:	JVNDB	id:	JVNDB-2025-024335
db:	NVD	id:	CVE-2025-14300

LAST UPDATE DATE

2026-01-14T23:53:54.937000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-024335	date:	2026-01-13T05:54:00
db:	NVD	id:	CVE-2025-14300	date:	2026-01-08T19:38:09.747

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-024335	date:	2026-01-13T00:00:00
db:	NVD	id:	CVE-2025-14300	date:	2025-12-20T01:16:03.133