Platform
other
Component
vigi-insight-sx45-series-camera
Fixed in
3.1.0_Build_250820_Rel.57668n
3.1.0_Build_250820_Rel.58873n
3.0.2_Build_250630_Rel.71279n
1.1.1_Build_250625_Rel.64224n
1.2.0_Build_250820_Rel.60930n
1.2.0_Build_250827_Rel.66817n
3.1.0_Build_250625_Rel.65381n
CVE-2026-0629 describes an authentication bypass vulnerability affecting VIGI InSight Sx45 Series Cameras running versions 0 through 3.1.0. This flaw allows an attacker within the local network (LAN) to manipulate client-side state and reset the administrator password without proper verification. Successful exploitation grants the attacker complete administrative control over the device, potentially compromising network security and device configuration. The vulnerability has been fixed in version 3.1.0_Build_250820_Rel.58873n.
The impact of CVE-2026-0629 is significant. An attacker who successfully exploits this vulnerability gains full administrative access to the VIGI InSight Sx45 Series Camera. This allows them to modify device settings, access recorded footage, and potentially use the camera as a pivot point to compromise other devices on the same network. The ability to reset the administrator password bypasses standard authentication mechanisms, making it a particularly dangerous vulnerability. The lack of verification during the password recovery process is the root cause, enabling attackers to easily manipulate the system. This is similar to other authentication bypass vulnerabilities where client-side state is not properly validated.
CVE-2026-0629 was publicly disclosed on 2026-01-16. Currently, there is no indication of active exploitation campaigns targeting this vulnerability. No public proof-of-concept (PoC) code has been released. The vulnerability is not listed on the CISA KEV catalog at the time of writing. The EPSS score is pending evaluation, but the ease of exploitation suggests a potential for medium-level risk.
Organizations utilizing VIGI InSight Sx45 Series Cameras in environments with limited network segmentation are particularly at risk. Shared hosting environments where multiple users share the same camera infrastructure are also vulnerable. Legacy configurations that have not been regularly patched or updated are more susceptible to exploitation.
disclosure
Exploit status
EPSS
0.02% (5th percentile)
CISA SSVC
The primary mitigation for CVE-2026-0629 is to upgrade the VIGI InSight Sx45 Series Camera to version 3.1.0_Build_250820_Rel.58873n or later. If an immediate upgrade is not possible due to compatibility issues or system downtime requirements, consider segmenting the camera on a separate VLAN to limit its access to critical network resources. Monitor network traffic for unusual activity related to the password recovery endpoint. While a direct WAF rule is unlikely to be effective, implementing strict network access controls and multi-factor authentication (if supported by the camera) can provide additional layers of defense. After upgrading, confirm the fix by attempting a password recovery from a different network segment and verifying that the process requires proper authentication.
Update the firmware of your VIGI InSight Sx45 Series camera to the latest version available on TP-Link's official website. This fixes the authentication bypass vulnerability in the password recovery feature.
CVE-2026-0629 is an authentication bypass vulnerability in VIGI InSight Sx45 Series Cameras allowing attackers to reset the admin password without verification, granting full access.
You are affected if you are using a VIGI InSight Sx45 Series Camera running versions 0–3.1.0_Build_250820_Rel.58873n.
Upgrade your VIGI InSight Sx45 Series Camera to version 3.1.0_Build_250820_Rel.58873n or later to mitigate the vulnerability.
There is currently no indication of active exploitation campaigns targeting CVE-2026-0629.
Refer to the official Dahua advisory for details and further information regarding CVE-2026-0629.