Which versions of TP-Link Tapo are affected by CVE-2026-34126?

TP-Link Tapo smart devices (models L535E, P300, D100C) can be compromised during initial setup through Bluetooth interception, enabling attackers to gain unauthorized control of devices in your…. A patch is available.

TP-Link Tapo CVE-2026-34126

Q: What is the CVSS score of CVE-2026-34126?

CVE-2026-34126 has a CVSS 4.0 base score of 7.3 (High). CVSS vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

EUVD-2026-32969 HIGH

Cleartext Transmission of Sensitive Information (CWE-319)

2026-05-28 TPLink

GHSA-p93f-7gcr-x8pr

Authentication Bypass TP-Link Tapo L535E V1 0 V3 0 Tapo P300 V1 0 Tapo D100C V1 0

7.3

CVSS 4.0

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

Analysis Generated

May 28, 2026 - 20:22 vuln.today

CVSS changed

May 28, 2026 - 18:22 NVD

7.3 (HIGH)

CVE Published

May 28, 2026 - 16:47 nvd

UNKNOWN (no severity yet)

DescriptionNVD

TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext without encryption. Bluetooth is only used during initialization.

An attacker within the Bluetooth range could exploit this behavior using Bluetooth sniffing or man-in-the-middle techniques, which may allow eavesdropping on Bluetooth communication, manipulate transmitted setup data and potentially gain unauthorized control of the device during initialization.

D100C is the chime delivered with your Tapo camera, and it is delivered with the following Tapo products:

D130, D210, D235, D225, TD21, TDB21 and TD25

AnalysisAI

Cleartext Bluetooth transmission in TP-Link Tapo L535E, P300, and D100C devices allows adjacent attackers to intercept and manipulate initial setup data, enabling potential unauthorized device control during onboarding. The flaw stems from missing encryption on the Bluetooth pairing channel used only during initialization, and TP-Link has released patched firmware versions for all affected models. …

RemediationAI

Within 24 hours: Inventory all TP-Link Tapo L535E, P300, and D100C devices and defer any device provisioning until patches are applied. Within 7 days: Apply TP-Link's latest firmware patches (specific versions per vendor advisory) to all three affected models, prioritizing devices in office and shared environments. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-3294 HIGH This Week

8.7 May 22

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjac

CVE-2026-34126 vulnerability details – vuln.today

Back

TP-Link Tapo CVE-2026-34126

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

More from same product – last 7 days

Share

TP-Link Tapo CVE-2026-34126

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code