THE article discusses a critical vulnerability affecting TP-Link's Tapo smart devices, identified as CVE-2026-34126, which has a high CVSS score of 7.3. The flaw allows unauthorized local attackers to gain control over household appliances due to an unencrypted Bluetooth transmission during the initial setup phase. Specific affected models include the Tapo L535E, P300, and D100C. Users are urged to upgrade their firmware to versions 1.4.1 for L535E, 1.4.2 (or 1.4.0) for P300, and 1.3.1 for D100C to mitigate the risk.
TP-Link Patches Critical Setup Flaw Across Multiple Tapo Smart Devices
CyberSIXT Evidence Panel
Article by CyberSIXT