CVE-2023-27126: The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is...
The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim.
Security readout for executives and security teams
This issue affects the TP-Link TAPO C200 camera V3 EU on firmware 1.1.22 Build 220725. The same encryption key and IV are reused across cameras, so someone with physical access can decrypt stored sensitive data, including Wi-Fi and TP-Link account credentials. Exposure is most relevant where affected TAPO C200 V3 EU cameras run firmware 1.1.22 Build 220725 and could be stolen, resold, serviced, or accessed by untrusted people. Treat this as a targeted confidentiality risk, not a broad remote compromise event. Prioritize sites where cameras may be physically accessible to outsiders or where exposed Wi-Fi credentials could affect business networks. Mitigation focus: Inventory TAPO C200 V3 EU cameras and record firmware versions.; Check TP-Link and Tapo guidance for firmware updates or official remediation.; Restrict physical access to cameras, storage areas, and returned devices..
Prepared
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-522: Credential and account abuse lookup
Authentication and credential weaknesses can make valid-account abuse and credential telemetry useful review starting points. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
The CVE wording references authentication or credential exposure, so valid-account and credential-access review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-522 · source CWE mapping
Insufficiently Protected Credentials
Insufficiently Protected Credentials represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.