TP-Link Tapo C200: Hardcoded Keys, Buffer Overflows and Privacy in the Era of AI Assisted Reverse Engineering
https://www.evilsocket.net/2025/12/18/TP-Link-Tapo-C200-Hardcoded-Keys-Buffer-Overflows-and-Privacy-in-the-Era-of-AI-Assisted-Reverse-Engineering/Open linkView original on feddit.org
Part of the problem here is I'm pretty certain they don't develop their own hardware or the firmware for it, they rebrand a different OEM and sometimes give it a different plastic shell.
Is that true for TP-link? I always thought they were an OEM.
For the Kasa/Tapo line it seems to be. I was talking with a security camera guy about them, he recognized several but from a different brand. Not all of the line are like that. The ones he recognized predated their release by tplink which is why I think they rebranded.
That sucks. From the article it looks like they are at least writing the firmware, but it's hard to tell.
I'm curious because I just ordered a couple of C210s to tinker with.
It's unlikely you're going to be targeted by someone who can do this, so as long as your cameras aren't directly connected to the internet and your router at least has a password I wouldn't worry too much.