CVE-2025-14300 | Severity.io

Description

The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device’s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service (DoS).

Related CPE's

Could not find any relations

References

https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes

https://www.tp-link.com/us/support/faq/4849/

Weaknesses

f23511db-6c3e-4e32-a477-6aa17d310630

Secondary

CWE-306

CVSS impact metrics

Missing metrics for CVSS V

CVSS V3.1
CVSS V3.0
CVSS V2.0

Information

Source identifier

f23511db-6c3e-4e32-a477-6aa17d310630

Vulnerability status

Received

Published

2025-12-20T01:16:03.133

3 hours ago

Last modified

2025-12-20T01:16:03.133

3 hours ago