HOMEVULNERABILITIESCVE-2026-34126
HIGH

CVE-2026-34126

CWE-319Published: May 28, 2026· Updated: Jun 3, 2026

7.5
CVSS v3.1
EPSS:0.01%probability of exploitation in 30 daysPercentile:0.9th

Official Description

TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext without encryption. Bluetooth is only used during initialization.

An attacker within the Bluetooth range could exploit this behavior using Bluetooth sniffing or man-in-the-middle techniques, which may allow eavesdropping on Bluetooth communication, manipulate transmitted setup data and potentially gain unauthorized control of the device during initialization. 

An attacker

within the Bluetooth range could exploit this behavior using Bluetooth sniffing

or man-in-the-middle techniques, which may allow eavesdropping on Bluetooth

communication, manipulate transmitted setup data and potentially gain

unauthorized control of the device during initialization.

D100C is the

chime delivered with your Tapo camera, and it is delivered with the following

Tapo products:

D130, D210, D235,

D225, TD21, TDB21 and TD25

NVD Source

Technical Analysis

CVE-2026-34126 requires adjacent network access, limiting remote exploitation but still posing risk in shared or local network environments.

The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.

A successful exploit results in complete confidentiality breach (data exposure), full integrity compromise (data manipulation), availability disruption (denial of service), with a CVSS base score of 7.5.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorAdjacent
Attack ComplexityHigh
Privileges Req.None
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Vendors & Products

tp-link6 products
tapo l535e firmwaretapo l535etapo p300 firmwaretapo p300tapo d100c firmwaretapo d100c
Source: NVD CPE · 8 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (6)

Quick Facts

CVE IDCVE-2026-34126
CVSS Score7.5 / 10
SeverityHIGH
WeaknessCWE-319
CISA KEVNo
EPSS (30d)0.01%
Affected1 vendor
PublishedMay 28, 2026

Related CVEs (CWE-319)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-34126 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.