TP-Link has released security updates to address a high-severity vulnerability (CVE-2026-0629) affecting multiple VIGI C and VIGI InSight series professional surveillance cameras, which could allow attackers to bypass authentication and gain full administrative control of affected devices.

Affected Systems

The flaw impacts more than 32 different VIGI camera models spanning the VIGI C and VIGI InSight series. Affected models include, but are not limited to:

• VIGI Cx45 series: C345, C445

• VIGI Cx55 series: C355, C455

• VIGI Cx85 series: C385, C485

Security Risks

Exploitation of this vulnerability could allow attackers to Gain full administrative access to affected cameras, Compromise device configurations, including disabling security settings and Access live video feeds and recordings.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends the following actions:

• Apply TP-Link firmware updates immediately for all affected VIGI camera models to reduce the risk of exploitation. Download the appropriate firmware from the TP-Link Download Center

• Apply the required and latest security updates as soon as possible.
   
  The released firmware versions for upgrade include, but are not limited to:

• VIGI Cx45 Series: ≥ 3.1.0 Build 250820 Rel.57668n

• VIGI Cx55 Series: ≥ 3.1.0 Build 250820 Rel.58873n

• VIGI Cx85 Series: ≥ 3.0.2 Build 250630 Rel.71279n

• Before updating, ensure you have a current, tested backup of all camera configurations and data.

For further information and support, please contact the National Cyber Security Authority (NCSA) by email to rwcsirt@ncsa.gov.rw or call us on 9009.

References

• https://nvd.nist.gov/vuln/detail/CVE-2026-0629

• https://www.tp-link.com/en/support/faq/4899/

• https://www.tp-link.com/en/vigi/