CVE-2026-34126: CWE-319 Cleartext transmission of sensitive information in TP-Link Systems Inc. Tapo L535E v1.0, v3.0
TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext without encryption. Bluetooth is only used during initialization. An attacker within Bluetooth range could exploit this behavior using Bluetooth sniffing or man-in-the-middle techniques, which may allow eavesdropping on Bluetooth communication, manipulation of transmitted setup data and potentially unauthorized control of the device during initialization. The D100C is the chime delivered with Tapo cameras; it ships with the following Tapo products: D130, D210, D235, D225, TD21, TDB21 and TD25.
AI Analysis
Technical Summary
CVE-2026-34126 describes a cleartext transmission vulnerability (CWE-319) in TP-Link Tapo devices during Bluetooth communication in the initial setup phase. The affected models include Tapo L535E versions 1.0 and 3.0, P300 v1.0, and D100C v1.0 (a chime accessory for various Tapo cameras). Bluetooth communication during initialization is unencrypted, allowing attackers within Bluetooth range to sniff or perform man-in-the-middle attacks on setup data. This could lead to unauthorized control of the device during initialization. The vulnerability does not affect other communication phases or cloud services. No patch or official remediation level has been published by TP-Link as of the data provided.
Potential Impact
An attacker within Bluetooth range can intercept or manipulate unencrypted Bluetooth setup communications, potentially gaining unauthorized control of the device during initialization. This could compromise device security at the setup stage but does not indicate ongoing operational compromise. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should limit physical proximity to the device during setup and ensure setup is performed in a secure environment to reduce the risk of Bluetooth interception. No official vendor mitigation or temporary fix has been provided.
CVSS v4.0
Score: 7.3 (High)
Technical Details
- Data Version: 5.2
- Assigner Short Name: TPLink
- Date Reserved: 2026-03-25T18:54:03.343Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a188377e29bf47b5017901a
Added to database: 5/28/2026, 6:03:35 PM
Last enriched: 5/28/2026, 6:19:06 PM
Last updated: 5/29/2026, 1:35:02 PM