
CVE-2025-10991: Vulnerability in TP-Link Systems Inc. Tapo D230S1 V1.20

Severity: High
Published: Tue Sep 30 2025 (09/30/2025, 00:08:25 UTC)
Source: CVE Database V5
Vendor/Project: TP-Link Systems Inc.
Product: Tapo D230S1 V1.20

Description

An attacker with physical access to the device may obtain root access by connecting to the UART port. This issue affects Tapo D230S1 V1.20: before 1.2.2 Build 20250907.

AI-Powered Analysis

Last updated: 10/07/2025, 00:54:05 UTC

Technical Analysis

CVE-2025-10991 is a vulnerability identified in the TP-Link Tapo D230S1 V1.20 smart camera devices, specifically in firmware versions prior to 1.2.2 Build 20250907. The vulnerability arises from insufficient protection of the UART (Universal Asynchronous Receiver/Transmitter) interface, which is a hardware communication port often used for debugging and low-level device management. An attacker with physical access to the device can connect to this UART port and obtain root-level access without any authentication or user interaction. Root access grants full control over the device, enabling the attacker to manipulate device settings, intercept or alter data streams, disable security features, or use the device as a foothold within a network. The vulnerability is classified under CWE-306, indicating missing or inadequate authentication mechanisms. The CVSS 4.0 vector (AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N) reflects that the attack vector requires physical access (AV:P), has low attack complexity (AC:L), requires no privileges or user interaction, and impacts confidentiality, integrity, and availability at a high level. No public exploits are known at this time, but the risk remains due to the severity of root access compromise. The vulnerability was published on 2025-09-30, with the vendor having reserved the CVE ID on 2025-09-25. No patch links were provided in the source, but the vendor has indicated that firmware version 1.2.2 Build 20250907 or later addresses the issue.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially in environments where physical security of IoT devices is not strictly enforced. Organizations using Tapo D230S1 cameras in offices, manufacturing plants, or critical infrastructure could face unauthorized surveillance, data exfiltration, or network compromise if an attacker gains physical access. Root access allows attackers to manipulate device firmware or software, potentially creating persistent backdoors or pivoting to other network assets. Confidentiality is at high risk due to possible interception of video streams or sensitive data. Integrity and availability are also threatened, as attackers could disable or alter device functionality. The requirement for physical access limits remote exploitation but does not eliminate risk in scenarios such as insider threats, theft, or inadequate device placement. The absence of known exploits reduces the immediate threat but does not preclude future attacks. The impact is amplified in sectors with high reliance on IoT security, such as healthcare, finance, and government facilities in Europe.

Mitigation Recommendations

1. Immediately update all Tapo D230S1 devices to firmware version 1.2.2 Build 20250907 or later to ensure the vulnerability is patched.
2. Physically secure devices by placing them in tamper-evident enclosures or locked areas to prevent unauthorized UART port access.
3. Conduct regular physical inspections of devices to detect signs of tampering or unauthorized access.
4. Disable or restrict UART port access if possible through device configuration or hardware modifications.
5. Implement strict access controls and surveillance in areas where these devices are deployed to deter insider threats.
6. Monitor network traffic from these devices for unusual activity that could indicate compromise.
7. Maintain an inventory of all IoT devices and ensure firmware is kept up to date as part of a comprehensive IoT security policy.
8. Train staff on the risks associated with physical access to IoT devices and enforce policies accordingly.
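
The firmware check behind recommendations 1 and 7 can be scripted against an asset inventory. This is an added example, not part of the original advisory or any TP-Link tooling; the inventory field names and sample rows are constructed, and firmware strings are assumed to follow the "1.2.2 Build 20250907" form quoted above.

```python
import re

# Fixed release named in the advisory text above.
FIXED_VERSION = (1, 2, 2)
FIXED_BUILD = 20250907
AFFECTED_PRODUCT = "Tapo D230S1 V1.20"

# Assumed format: "<major>.<minor>.<patch> Build <YYYYMMDD>", optional trailing text.
_FW_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s+Build\s+(\d{8})\b", re.IGNORECASE)

def parse_firmware(fw):
    """Return ((major, minor, patch), build), or None if the string is unparseable."""
    m = _FW_RE.match(fw or "")
    if not m:
        return None
    major, minor, patch, build = (int(g) for g in m.groups())
    return (major, minor, patch), build

def is_vulnerable(fw):
    """True if older than the fixed release, False if fixed, None if unknown."""
    parsed = parse_firmware(fw)
    if parsed is None:
        return None  # never treat an unreadable version as patched
    return parsed < (FIXED_VERSION, FIXED_BUILD)

def triage(inventory):
    """Sort affected-product rows into patch / ok / review buckets by device name."""
    buckets = {"patch": [], "ok": [], "review": []}
    for row in inventory:
        if row["product"] != AFFECTED_PRODUCT:
            continue  # other products are out of scope for this CVE
        verdict = is_vulnerable(row["firmware"])
        key = "review" if verdict is None else ("patch" if verdict else "ok")
        buckets[key].append(row["name"])
    return buckets

# Constructed sample inventory (hypothetical device names and firmware values).
SAMPLE_INVENTORY = [
    {"name": "front-door", "product": AFFECTED_PRODUCT, "firmware": "1.2.1 Build 20250301"},
    {"name": "loading-dock", "product": AFFECTED_PRODUCT, "firmware": "1.2.2 Build 20250907"},
    {"name": "side-gate", "product": AFFECTED_PRODUCT, "firmware": "1.2.2 Build 20250801"},
    {"name": "lobby", "product": AFFECTED_PRODUCT, "firmware": "unknown"},
    {"name": "warehouse", "product": "Example Cam X", "firmware": "1.0.0 Build 20240101"},
]

if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Devices that land in the review bucket have firmware strings the script could not read and should be checked by hand rather than assumed patched.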


Technical Details

Data Version: 5.1
Assigner Short Name: TPLink
Date Reserved: 2025-09-25T17:49:41.909Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 68db2174a473ffe031e293ad

Added to database: 9/30/2025, 12:16:52 AM

Last enriched: 10/7/2025, 12:54:05 AM

Last updated: 11/12/2025, 3:51:33 AM
