Recently, TP-Link has fixed a high-risk vulnerability in the C200 IP camera. Using the known Heartbleed vulnerability (located on the public TCP port 443), the user’s hashed password can be found in the memory dump. Then use the login process on the API to use the hash for a pass-the-hash attack. This causes a login token named “stok” to be issued, which can be used for user authentication of the device.
The attacker can perform authenticated API calls such as; moving the camera’s motor, format the SD card, create an RTSP account to view the camera’s video feed, and disable privacy mode.
Affected version
Tapo C200 1.7.0 Firmware version < 1.0.10
Unaffected version
Tapo C200 1.7.0 Firmware version>= 1.0.10
Solution
TP-Link has released a new firmware version to fix this vulnerability, users please upgrade the firmware to the unaffected version as soon as possible for protection.