CVE-2026-34126: Bluetooth Communication Uses Unencrypted Transmission During Initial Setup on TP-Link's Tapo L535E, P300 and D100C

AI Predicted: 6.5 · Difficulty: Easy · EPSS: 0.01% · P1

Affected Version Matrix (4)

| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TP Link Systems Inc. | Tapo D100C v1.0 | < 1.3.1 Build 260421 Rel.031658 | affected |
| TP-Link Systems Inc. | Tapo L535E v1.0, v3.0 | < 1.4.1 Build 251016 Rel.204554 | affected |
| TP-Link Systems Inc. | Tapo P300 v1.0 | < EU_1.4.2 Build 251219 Rel.142654 | affected |
| TP-Link Systems Inc. | Tapo P300 v1.0 | < JP_1.4.0 Build 260416 Rel.014037 | affected |

I. Basic Information for CVE-2026-34126

Vulnerability Information

Vulnerability Title
Bluetooth Communication Uses Unencrypted Transmission During Initial Setup on TP-Link's Tapo L535E, P300 and D100C
Source: NVD (National Vulnerability Database)
Vulnerability Description
TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext without encryption. Bluetooth is only used during initialization. An attacker within the Bluetooth range could exploit this behavior using Bluetooth sniffing or man-in-the-middle techniques, which may allow eavesdropping on Bluetooth communication, manipulate transmitted setup data and potentially gain unauthorized control of the device during initialization. D100C is the chime delivered with your Tapo camera, and it is delivered with the following Tapo products: D130, D210, D235, D225, TD21, TDB21 and TD25.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
Cleartext transmission of sensitive data
Source: NVD (National Vulnerability Database)
Vulnerability Title
Security vulnerability in multiple TP-Link products
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
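TP-Link Tapo L535E and the other listed devices are products of the Chinese company TP-Link. TP-Link Tapo L535E is a smart multicolor dimmable LED bulb. TP-Link Tapo P300 is a smart Wi-Fi multi-outlet power strip. TP-Link Tapo D100C is a wireless chime that accompanies a smart video doorbell. Multiple TP-Link products contain a security vulnerability that stems from Bluetooth communication being transmitted in cleartext during the initial setup phase, which allows an attacker to use Bluetooth sniffing or man-in-the-middle techniques to eavesdrop on the communication, manipulate setup data and possibly gain unauthorized control of the device. The following products and versions are affected: Tapo L535E version v1.0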
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| TP-Link Systems Inc. | Tapo L535E v1.0, v3.0 | 0 ~ 1.4.1 Build 251016 Rel.204554 | - |
| TP-Link Systems Inc. | Tapo P300 v1.0 | 0 ~ EU_1.4.2 Build 251219 Rel.142654 | - |
| TP Link Systems Inc. | Tapo D100C v1.0 | 0 ~ 1.3.1 Build 260421 Rel.031658 | - |

II. Public POCs for CVE-2026-34126

No public POC found.


III. Intelligence Information for CVE-2026-34126

Vendor Advisories for CVE-2026-34126 (1)

Vendor Pages for CVE-2026-34126 (5)

IV. Related Vulnerabilities
