CVE-2026-34126— TP-Link多款产品 安全漏洞

Bluetooth Communication Uses Unencrypted Transmission During Initial Setup on TP-Link's Tapo L535E, P300 and D100C

TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext without encryption. Bluetooth is only used during initialization. An attacker within the Bluetooth range could exploit this behavior using Bluetooth sniffing or man-in-the-middle techniques, which may allow eavesdropping on Bluetooth communication, manipulate transmitted setup data and potentially gain unauthorized control of the device during initialization.  An attacker within the Bluetooth range could exploit this behavior using Bluetooth sniffing or man-in-the-middle techniques, which may allow eavesdropping on Bluetooth communication, manipulate transmitted setup data and potentially gain unauthorized control of the device during initialization. D100C is the chime delivered with your Tapo camera, and it is delivered with the following Tapo products: D130, D210, D235, D225, TD21, TDB21 and TD25

N/A

敏感数据的明文传输

TP-Link多款产品 安全漏洞

TP-Link Tapo L535E等都是中国普联（TP-Link）公司的产品。TP-Link Tapo L535E是一款智能彩色可调光LED灯泡。TP-Link Tapo P300是一款智能Wi-Fi多位插线板。TP-Link Tapo D100C是一个智能可视门铃配套无线门铃提示器。 TP-Link多款产品存在安全漏洞，该漏洞源于初始设置阶段蓝牙通信以明文传输，使得攻击者可通过蓝牙嗅探或中间人技术窃听通信、操纵设置数据并可能获得设备未授权控制。以下产品及版本受到影响：Tapo L535E v1.0版本

N/A

N/A