Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Home / Threats / CVE-2026-0629

CVE-2026-0629 - VIGI C230I Mini Plugin

CVE-2026-0629

Vulnerability CVE-2026-0629 PLUGIN vigi-c230i-mini HIGH

Authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state. Attackers can gain full administrative access to the device, compromising configuration and network security.

CVE-2026-0629

HIGH CVSS 8.7 Published 2026-01-16 Updated 2026-01-26
AI Risk High (84/100) Active Exploit: No strong signal Published Exploit: No public exploit references Priority: P2 Urgent
Severity Band HIGH
CVSS Vector CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Components 34
Reference Links 4
AI Risk Engine High (84/100)
Exploitability High
Active Exploitation No strong signal
Published Exploit Status No public exploit references

Threat Timeline

  1. 2026-01-16 CVE published and first recorded in the threat feed.
  2. 2026-01-26 Record updated with latest vulnerability metadata.
  3. 2026-04-09 AI technical context refreshed for mitigation and impact guidance.
  4. Now Monitoring for follow-up changes, linked references, and new related CVEs.

AI Context

Machine-generated threat intelligence

AI Updated 8 days ago

AI enriched 8 days ago (2026-04-09 07:59 UTC)

Technical Summary

Authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state. Attackers can gain full administrative access to the device, compromising configuration and network security.

Potential Impact

Severity is HIGH (CVSS 8.7). Depending on deployment context, affected components may be exposed to unauthorized actions or data integrity risk.

Exploitability Assessment

Exploitability is assessed as High based on low-bar exploit prerequisites.

Primary risk drivers: low-bar exploit prerequisites

Mitigation Recommendations

Validate affected product versions, prioritize patching, and monitor references for vendor remediation guidance. If immediate patching is not possible, apply compensating controls and limit exposure of vulnerable surfaces.

Detection & Monitoring

Track authentication anomalies, unexpected file writes, and suspicious plugin API activity around affected components.

Business Impact Lens

Prioritize remediation where affected components process customer data, admin sessions, or Internet-exposed workflows.

Affected Products

VIGI C230I Mini PLUGIN · vigi-c230i-mini Affected: >= 0, < 2.1.0_Build_250701_Rel.47570n Fixed in: 2.1.0_Build_250701_Rel.47570n
VIGI C240 1.0 PLUGIN · vigi-c240-1-0 Affected: >= 0, < 2.1.0_Build_250701_Rel.48425n Fixed in: 2.1.0_Build_250701_Rel.48425n
VIGI C250 PLUGIN · vigi-c250 Affected: >= 0, < 2.1.0_Build_250702_Rel.54301n Fixed in: 2.1.0_Build_250702_Rel.54301n
VIGI C340 2.0 PLUGIN · vigi-c340-2-0 Affected: >= 0, < 2.1.0_Build_250701_Rel.49304n Fixed in: 2.1.0_Build_250701_Rel.49304n
VIGI C340-W 2.x Series (C340-W 2.0/C340-W 2.20) PLUGIN · vigi-c340-w-2-x-series-c340-w-2-0-c340-w-2-20 Affected: >= 0, < 2.1.1_Build_250717_Rel.66528n Fixed in: 2.1.1_Build_250717_Rel.66528n
VIGI C340S PLUGIN · vigi-c340s Affected: >= 0, < 3.1.0_Build_250625_Rel.65381n Fixed in: 3.1.0_Build_250625_Rel.65381n
VIGI C440 2.0 PLUGIN · vigi-c440-2-0 Affected: >= 0, < 2.1.0_Build_250701_Rel.49778n Fixed in: 2.1.0_Build_250701_Rel.49778n
VIGI C440-W 2.0 PLUGIN · vigi-c440-w-2-0 Affected: >= 0, < 2.1.1_Build_250717_Rel.66632n Fixed in: 2.1.1_Build_250717_Rel.66632n
VIGI C540 2.0 PLUGIN · vigi-c540-2-0 Affected: >= 0, < 2.1.0_Build_250701_Rel.50397n Fixed in: 2.1.0_Build_250701_Rel.50397n
VIGI C540-4G PLUGIN · vigi-c540-4g Affected: >= 0, < 2.2.0_Build_250826_Rel.56808n Fixed in: 2.2.0_Build_250826_Rel.56808n
VIGI C540-W 2.0 PLUGIN · vigi-c540-w-2-0 Affected: >= 0, < 2.1.1_Build_250717_Rel.67730n Fixed in: 2.1.1_Build_250717_Rel.67730n
VIGI C540S / EasyCam C540S PLUGIN · vigi-c540s-easycam-c540s Affected: >= 0, < 3.1.0_Build_250625_Rel.66601n Fixed in: 3.1.0_Build_250625_Rel.66601n
VIGI C540V PLUGIN · vigi-c540v Affected: >= 0, < 2.1.0_Build_250702_Rel.54300n Fixed in: 2.1.0_Build_250702_Rel.54300n
VIGI Cx20 Series (C320/C420) PLUGIN · vigi-cx20-series-c320-c420 Affected: >= 0, < 2.1.0_Build_250701_Rel.39597n Fixed in: 2.1.0_Build_250701_Rel.39597n
VIGI Cx20I 1.0 Series (C220I 1.0/C320I 1.0/C420I 1.0) PLUGIN · vigi-cx20i-1-0-series-c220i-1-0-c320i-1-0-c420i-1-0 Affected: >= 0, < 2.1.0_Build_251014_Rel.58331n Fixed in: 2.1.0_Build_251014_Rel.58331n
VIGI Cx20I 1.20 Series (C220I 1.20/C320I 1.20/C420I 1.20) PLUGIN · vigi-cx20i-1-20-series-c220i-1-20-c320i-1-20-c420i-1-20 Affected: >= 0, < 2.1.0_Build_250701_Rel.44071n Fixed in: 2.1.0_Build_250701_Rel.44071n
VIGI Cx30 1.0 Series (C230 1.0/C330 1.0/C430 1.0) PLUGIN · vigi-cx30-1-0-series-c230-1-0-c330-1-0-c430-1-0 Affected: >= 0, < 2.1.0_Build_250701_Rel.46796n Fixed in: 2.1.0_Build_250701_Rel.46796n
VIGI Cx30 1.20 Series (C230 1.20/C330 1.20/C430 1.20) PLUGIN · vigi-cx30-1-20-series-c230-1-20-c330-1-20-c430-1-20 Affected: >= 0, < 2.1.0_Build_250701_Rel.46796n Fixed in: 2.1.0_Build_250701_Rel.46796n
VIGI Cx30I 1.0 Series (C230I 1.0/C330I 1.0/C430I 1.0) PLUGIN · vigi-cx30i-1-0-series-c230i-1-0-c330i-1-0-c430i-1-0 Affected: >= 0, < 2.1.0_Build_250701_Rel.45506n Fixed in: 2.1.0_Build_250701_Rel.45506n
VIGI Cx30I 1.20 Series (C230I 1.20/C330I 1.20/C430I 1.20) PLUGIN · vigi-cx30i-1-20-series-c230i-1-20-c330i-1-20-c430i-1-20 Affected: >= 0, < 2.1.0_Build_250701_Rel.44555n Fixed in: 2.1.0_Build_250701_Rel.44555n
VIGI Cx40I 1.0 Series (C240I 1.0/C340I 1.0/C440I 1.0) PLUGIN · vigi-cx40i-1-0-series-c240i-1-0-c340i-1-0-c440i-1-0 Affected: >= 0, < 2.1.0_Build_250701_Rel.46003n Fixed in: 2.1.0_Build_250701_Rel.46003n
VIGI Cx40I 1.20 Series (C240I 1.20/C340I 1.20/C440I 1.20) PLUGIN · vigi-cx40i-1-20-series-c240i-1-20-c340i-1-20-c440i-1-20 Affected: >= 0, < 2.1.0_Build_250701_Rel.45041n Fixed in: 2.1.0_Build_250701_Rel.45041n
VIGI Cx45 Series (C345/C445) PLUGIN · vigi-cx45-series-c345-c445 Affected: >= 0, < 3.1.0_Build_250820_Rel.57668n Fixed in: 3.1.0_Build_250820_Rel.57668n
VIGI Cx50 Series (C350/C450) PLUGIN · vigi-cx50-series-c350-c450 Affected: >= 0, < 2.1.0_Build_250702_Rel.54294n Fixed in: 2.1.0_Build_250702_Rel.54294n
VIGI Cx55 Series (C355/C455) PLUGIN · vigi-cx55-series-c355-c455 Affected: >= 0, < 3.1.0_Build_250820_Rel.58873n Fixed in: 3.1.0_Build_250820_Rel.58873n
VIGI Cx85 Series (C385/C485) PLUGIN · vigi-cx85-series-c385-c485 Affected: >= 0, < 3.0.2_Build_250630_Rel.71279n Fixed in: 3.0.2_Build_250630_Rel.71279n
VIGI InSight S345-4G PLUGIN · vigi-insight-s345-4g Affected: >= 0, < 2.1.0_Build_250725_Rel.36867n Fixed in: 2.1.0_Build_250725_Rel.36867n
VIGI InSight S655I PLUGIN · vigi-insight-s655i Affected: >= 0, < 1.1.1_Build_250625_Rel.64224n Fixed in: 1.1.1_Build_250625_Rel.64224n
VIGI InSight Sx25 Series (S225/S325/S425) PLUGIN · vigi-insight-sx25-series-s225-s325-s425 Affected: >= 0, < 1.1.0_Build_250630_Rel.39597n Fixed in: 1.1.0_Build_250630_Rel.39597n
VIGI InSight Sx45 Series (S245/S345/S445) PLUGIN · vigi-insight-sx45-series-s245-s345-s445 Affected: >= 0, < 3.1.0_Build_250820_Rel.57668n Fixed in: 3.1.0_Build_250820_Rel.57668n
VIGI InSight Sx45ZI Series (S245ZI/S345ZI/S445ZI) PLUGIN · vigi-insight-sx45zi-series-s245zi-s345zi-s445zi Affected: >= 0, < 1.2.0_Build_250820_Rel.60930n Fixed in: 1.2.0_Build_250820_Rel.60930n
VIGI InSight Sx55 Series (S355/S455) PLUGIN · vigi-insight-sx55-series-s355-s455 Affected: >= 0, < 3.1.0_Build_250820_Rel.58873n Fixed in: 3.1.0_Build_250820_Rel.58873n
VIGI InSight Sx85 Series (S285/S385) PLUGIN · vigi-insight-sx85-series-s285-s385 Affected: >= 0, < 3.0.2_Build_250630_Rel.71279n Fixed in: 3.0.2_Build_250630_Rel.71279n
VIGI InSight Sx85PI Series (S385PI/S485PI) PLUGIN · vigi-insight-sx85pi-series-s385pi-s485pi Affected: >= 0, < 1.2.0_Build_250827_Rel.66817n Fixed in: 1.2.0_Build_250827_Rel.66817n

Related Vulnerabilities

Browse All Threats

Newest linked vulnerabilities to keep visitors exploring adjacent CVE coverage.

No related vulnerability records were found yet for this context.

Scroll to top