
CVE-2026-0629: CWE-287 Improper Authentication in TP-Link Systems Inc. VIGI InSight Sx45 Series (S245/S345/S445)

Severity: High
Type: Vulnerability
Tags: CVE-2026-0629, cve, cve-2026-0629, cwe-287
Published: Fri Jan 16 2026 (01/16/2026, 17:24:39 UTC)
Source: CVE Database V5
Vendor/Project: TP-Link Systems Inc.
Product: VIGI InSight Sx45 Series (S245/S345/S445)

Description

Authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state. Attackers can gain full administrative access to the device, compromising configuration and network security.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/27/2026, 08:22:59 UTC

Technical Analysis

CVE-2026-0629 identifies an improper authentication vulnerability (CWE-287) in the password recovery mechanism of TP-Link Systems Inc.'s VIGI InSight Sx45 Series IP cameras, including models S245, S345, and S445. The vulnerability arises because the local web interface's password recovery feature fails to properly verify the identity of the requester, relying instead on client-side state that can be manipulated by an attacker on the local area network. This flaw allows an unauthenticated attacker with LAN access to reset the administrator password without any verification, effectively bypassing authentication controls. Once the attacker resets the password, they gain full administrative privileges on the device, enabling them to modify device configurations, disable security features, intercept or manipulate video feeds, and potentially pivot to other network resources. The vulnerability has a CVSS 4.0 base score of 8.7, reflecting high severity due to its low attack complexity, no requirement for privileges or user interaction, and significant impact on confidentiality, integrity, and availability. The vulnerability does not require network access beyond the local network, limiting remote exploitation but still posing a critical risk in environments where attackers can gain LAN access. No patches or firmware updates are currently linked, and no known exploits have been reported in the wild as of the publication date. Organizations using these TP-Link VIGI cameras should consider this vulnerability a serious threat to their physical security and network integrity.
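The root cause described above, trusting recovery state held by the client, is shown here as an added example beside a server-side alternative. It is not TP-Link firmware code; the class, the request fields (`verified`, `token`, `new_password`), the recovery code and the TTL are all hypothetical.

```python
import hmac
import secrets
import time

RESET_TTL = 600  # assumed lifetime, in seconds, of a verified recovery session


class RecoveryService:
    """Hypothetical model of a device password-recovery endpoint."""

    def __init__(self, recovery_code):
        self._code = recovery_code   # secret delivered out of band (constructed)
        self._verified = {}          # token -> expiry time, held only on the server
        self.admin_password = "initial"

    def reset_trusting_client(self, request):
        """Flawed pattern (CWE-287): the server believes a flag the client sends."""
        if request.get("verified") is True:
            self.admin_password = request["new_password"]
            return True
        return False

    def verify(self, submitted_code, now=None):
        """Check the code on the server; return a single-use token or None."""
        now = time.time() if now is None else now
        if not hmac.compare_digest(str(submitted_code).encode(), self._code.encode()):
            return None
        token = secrets.token_urlsafe(32)
        self._verified[token] = now + RESET_TTL
        return token

    def reset(self, request, now=None):
        """Reset only for a token this server issued, once, before it expires."""
        now = time.time() if now is None else now
        token = request.get("token")
        expiry = self._verified.pop(token, None) if isinstance(token, str) else None
        if expiry is None or now > expiry:
            return False
        self.admin_password = request["new_password"]
        return True


if __name__ == "__main__":
    svc = RecoveryService("493027")  # constructed recovery code
    print(svc.reset({"verified": True, "new_password": "x"}))
    print(svc.reset({"token": svc.verify("493027"), "new_password": "y"}))
```

In the hardened path the `verified` flag in the request is ignored entirely; the only thing that authorizes a reset is a token the server itself recorded after checking the code.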

Potential Impact

The impact of CVE-2026-0629 is substantial for organizations deploying TP-Link VIGI InSight Sx45 Series cameras. Successful exploitation grants attackers full administrative control over the affected devices, allowing them to alter security configurations, disable monitoring capabilities, and potentially use the compromised cameras as footholds for lateral movement within the network. This can lead to unauthorized surveillance, data leakage, and disruption of physical security monitoring. The vulnerability undermines the confidentiality and integrity of video feeds and device settings, and may also affect availability if attackers disable or disrupt camera operations. Given the common use of these cameras in enterprise, government, and critical infrastructure environments, the risk extends to sensitive facilities and operations worldwide. The requirement for LAN access limits remote exploitation but does not eliminate risk, especially in environments with weak network segmentation or where attackers have gained internal access through other means. The absence of known exploits in the wild suggests a window for proactive mitigation before widespread exploitation occurs.

Mitigation Recommendations

To mitigate CVE-2026-0629, organizations should prioritize the following actions:

1) Apply official firmware updates from TP-Link as soon as they become available to address the authentication bypass vulnerability.
2) If patches are not yet available, disable or restrict access to the password recovery feature on the local web interface to prevent unauthorized resets.
3) Implement strict network segmentation to isolate IP cameras from general user networks, limiting LAN access to trusted administrators only.
4) Enforce strong physical and logical access controls to prevent unauthorized users from connecting to the local network where cameras reside.
5) Monitor network traffic for unusual activity related to camera management interfaces, including unexpected password reset attempts.
6) Consider deploying network access control (NAC) solutions to detect and block unauthorized devices or users on the LAN.
7) Regularly audit and change default credentials and ensure all administrative accounts use strong, unique passwords.
8) Educate IT and security staff about this vulnerability and the importance of securing local interfaces on IoT and surveillance devices.

These targeted measures go beyond generic advice by focusing on the specific attack vector and device context.


Technical Details

Data Version: 5.2
Assigner Short Name: TPLink
Date Reserved: 2026-01-06T00:07:04.905Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 696a7724b22c7ad868c4289e

Added to database: 1/16/2026, 5:36:36 PM

Last enriched: 2/27/2026, 8:22:59 AM

Last updated: 3/24/2026, 8:41:24 AM
