{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T09:44:48.138","vulnerabilities":[{"cve":{"id":"CVE-2025-10991","sourceIdentifier":"f23511db-6c3e-4e32-a477-6aa17d310630","published":"2025-09-30T11:37:38.757","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The attacker may obtain root access by connecting to the UART port and this vulnerability requires the attacker to have the physical access to the device.\n\nThis issue affects Tapo D230S1 V1.20: before 1.2.2 Build 20250907."},{"lang":"es","value":"El atacante puede obtener acceso root conectándose al puerto UART y esta vulnerabilidad requiere que el atacante tenga acceso físico al dispositivo.\n\nEste problema afecta a Tapo D230S1 V1.20: anterior a 1.2.2 Build 20250907."}],"metrics":{"cvssMetricV40":[{"source":"f23511db-6c3e-4e32-a477-6aa17d310630","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://www.tp-link.com/en/support/faq/4693/","source":"f23511db-6c3e-4e32-a477-6aa17d310630"}]}}]}