Summary
TP-Link fixed a high-severity authentication bypass vulnerability (CVE-2026-0629) in its VIGI camera series that allowed local attackers to reset administrative passwords. The flaw enables full device takeover and potential lateral movement within corporate networks.
Take Action:
Make sure all CCTV devices are isolated from the internet and accessible from trusted networks only. Segment your surveillance cameras into a dedicated VLAN and if possible disable the password recovery feature on the local web interface. Then plan a patch cycle.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)