Critical Vulnerability Discovered in TP-Link Tapo H200 Smart Hub: Immediate Action Required

New Vulnerability Discovered in TP-Link Tapo H200 Smart Hub: Users Urged to Act

A recently identified vulnerability in the TP-Link Tapo H200 V1 IoT Smart Hub poses a significant risk to users, potentially exposing sensitive information, including Wi-Fi credentials. The Computer Emergency Response Team of India (CERT-In) has released a vulnerability note (CIVN-2025-0072) detailing the technical aspects and mitigation strategies for this flaw, which is rated medium in severity.

The Tapo H200 Smart Hub serves as a central control unit for various smart home devices, enabling users to automate routines and monitor security remotely. However, its convenience has made it an attractive target for cyber attackers. The vulnerability arises from the hub storing Wi-Fi credentials in plain text within its firmware, making it susceptible to exploitation if an attacker gains physical access to the device.

CERT-In has assigned the identifier CVE-2025-3442 to this issue, although comprehensive public details are yet to be disclosed. The vulnerability primarily affects users running firmware version 1.4.0 or earlier. Attackers with technical knowledge could extract the firmware, analyze it, and retrieve unencrypted credentials, granting them unauthorized access to the user’s home network.

While the requirement for physical access limits the scale of potential attacks, environments with shared spaces, such as offices or rental apartments, may be at higher risk. CERT-In recommends users check for firmware updates, restrict physical access to the device, and monitor network activity to mitigate potential threats.

As smart home technology continues to evolve, the incident underscores the importance of robust security measures. Users of the TP-Link Tapo H200 are urged to update their firmware and implement security best practices to safeguard their connected homes.