CVE-2025-10991 is a high-severity vulnerability affecting the TP-Link Tapo D230S1 camera, specifically firmware versions prior to 1.2.2 Build 20250907. The vulnerability allows an attacker with physical access to the device to obtain root-level privileges by connecting directly to the UART (Universal Asynchronous Receiver/Transmitter) port. UART ports are typically used for low-level device debugging and maintenance and often provide direct access to the device's operating system console. Because this vulnerability requires physical access, remote exploitation is not feasible. However, once physical access is gained, the attacker can bypass authentication and security controls, gaining full control over the device's firmware and potentially the network it is connected to. The CVSS v4.0 score is 7.0, reflecting a high severity due to the potential for complete system compromise without user interaction or authentication, but limited by the requirement for physical access. This vulnerability does not require user interaction or prior authentication, and it impacts confidentiality, integrity, and availability at a high level since root access allows modification or disruption of device functions and data. No known exploits are currently reported in the wild, and no official patches or mitigation links were provided at the time of publication. The vulnerability affects the Tapo D230S1 version 1.20 and earlier firmware versions before 1.2.2 Build 20250907.

For European organizations deploying TP-Link Tapo D230S1 cameras, this vulnerability poses a significant risk primarily in environments where physical security of devices cannot be guaranteed. Organizations using these cameras in sensitive or critical infrastructure settings—such as corporate offices, government buildings, or industrial sites—could face unauthorized device control if an attacker gains physical access. Root access could allow attackers to manipulate video feeds, disable security monitoring, or use the compromised device as a foothold to pivot into internal networks, potentially leading to broader network compromise. The impact is particularly concerning for organizations with distributed or publicly accessible camera installations, such as retail chains or public transport systems, where physical access to devices is easier to obtain. Although remote exploitation is not possible, the risk of insider threats or physical tampering remains. The vulnerability also undermines trust in the security of IoT devices, which are increasingly integrated into European organizational environments. Given the high confidentiality, integrity, and availability impact, organizations must treat this vulnerability seriously to prevent potential espionage, sabotage, or data breaches.

1. Physical Security: Strengthen physical security controls around all Tapo D230S1 devices, including secure mounting locations, tamper-evident seals, and restricted access to areas where devices are installed. 2. Firmware Update: Promptly update all affected devices to firmware version 1.2.2 Build 20250907 or later once available from TP-Link, as this version addresses the vulnerability. 3. Device Inventory and Monitoring: Maintain an accurate inventory of all deployed Tapo D230S1 devices and monitor for any signs of physical tampering or unauthorized access. 4. Disable UART Access: Where possible, disable or restrict UART port access physically or via device configuration to prevent unauthorized connections. 5. Network Segmentation: Isolate IoT devices on separate network segments with strict access controls to limit lateral movement if a device is compromised. 6. Incident Response Planning: Develop and test incident response procedures specific to IoT device compromise scenarios, including rapid device replacement and forensic analysis. 7. Vendor Engagement: Engage with TP-Link for official patches, security advisories, and support to ensure timely remediation and awareness of any emerging threats related to this vulnerability.