JurajNyiri / HomeAssistant-Tapo-Control

Control for Tapo cameras as a Home Assistant component
Apache License 2.0

❗❗❗Invalid cloud password on firmware build 230921 and higher #551

Open JurajNyiri opened 2 months ago

JurajNyiri commented 2 months ago

Thread for invalid cloud password on firmware build 230921 and higher

There have been reports from users on firmware 1.3.8 and newer, or on some cameras other firmwares with build 230921 and newer, of the integration no longer working. This shows as the cloud password not being accepted.

I have been in touch with tplink regarding a security vulnerability I reported in the past and this is most probably a fix for it.

This currently only affects some users, not all and most probably requires camera to be connected to the internet in order to receive the update for authorization, given that it affects older firmwares as well, or possibly an interaction with the official app.

I have a solution and I am waiting for a permission for integration to connect to cloud.

Users reported this problem in numerous issues, this issue will serve for tracking the progress on the fix and group all the conversation under one issue.

Workarounds

If you need to use the camera with this integration until this is resolved you can either:

  1. If your camera still works with integration: Block internet access of camera and stop using the official phone app temporarily if you are using firmware 1.3.8 (or build 230921 and higher)
  2. If your camera no longer works with integration: Use older firmware than 1.3.8 (or build 230921) and factory reset camera

This issue has been locked due to too many users ignoring the request to read first before posting duplicate and off topic content after more than 3 warnings.

This post will stay up to date with the most recent updates below.

2024-04-11:

First report of the issue at https://github.com/JurajNyiri/HomeAssistant-Tapo-Control/issues/549

2024-04-12:

Second report of the issue at https://github.com/JurajNyiri/HomeAssistant-Tapo-Control/issues/550 along with more users confirming the issue.

2024-04-13:

This thread has been created.

From my side, I have unblocked one of my cameras on the latest firmware to reach the internet, so that hopefully I can get this update soon and work on a fix. I hope TPLink will provide detailed instructions on what has been changed so that I can work on a fix.

2024-04-19:

Added instructions about build number as some cameras have different versioning of firmwares.

I reached out to TP-Link after 7 days for any updates.

2024-04-23:

@reypm found a way to work around this issue without downgrading the firmware:

  1. Factory reset the camera (it remains with 1.3.11 Build 231117 firmware since I could not find a way to downgrade the firmware)
  2. Entirely block Internet access for the camera
  3. Reinstalled the component (this component)
  4. Re-added the camera (by reinstalling the component it removes the old config)

TPLink is working on providing me with the solution, got a reply today that I need to wait a bit more.

2024-05-08:

I have some very good news and a little bit of concerning news.

Good news:

  1. Today I was finally affected with this on one of my cameras which allowed me to conduct research and I spent my whole day working on that.
  2. I now know how to solve this, I just need to figure out some of the remaining details and implement the changes which should not take more than a few weekends of active work. There is a lot of work involved but it can be done and I now know roughly how.

Now the concerning news:

  1. Integration will need to interact with tplink cloud to get the new password. This is possibly a one time job, but I do not know yet, it might expire and get a new password if it no longer works. I will need to find a way to detect this as well but that's just a little detail.
  2. Due to integration's need to interact with TPLink cloud I have reached out to TPLink for their permission. If they refuse, there is no way how to implement this unless someone else makes a script to extract the pwd AND the pwd does not change, ever. Which would also make the set up harder for everyone.

2024-05-15:

See https://github.com/JurajNyiri/HomeAssistant-Tapo-Control/issues/551#issuecomment-2111341474

2024-05-18:

See https://github.com/JurajNyiri/HomeAssistant-Tapo-Control/issues/551#issuecomment-2118381739

2024-05-29:

See https://github.com/JurajNyiri/HomeAssistant-Tapo-Control/issues/551#issuecomment-2137323663

2024-06-25:

See https://github.com/JurajNyiri/HomeAssistant-Tapo-Control/issues/551#issuecomment-2189695781

reypm commented 2 months ago

I am using the iOS app and everything is working fine. My camera is a Tapo C110 with Firmware Version 1.3.11 Build 231117 Rel. 47346n(5553) and as of today is not working.


JurajNyiri commented 2 months ago

@reypm have you opened and used the app just before it stopped working or only after?

reypm commented 2 months ago

@JurajNyiri Yes, everything is working as expected and nothing has changed on my end with the app, I do keep my iOS apps up to date most of the time, not sure when the Tapo app did update to the latest

Seb- commented 2 months ago

Hello, I have the issue on C210 with firmware 1.3.11, cloud password no longer accepted in HA. Do you need any more information?

Thank you for the heads up!

wavemop commented 2 months ago

Operating System: Android
App version: 3.2.976
Camera: C200 (Hardware-Version 3.0)
Firmware version: 1.3.13

pytapo output is: "Exception: Invalid authentication data"

I'm really hoping tp-link is calling you soon ;)

reypm commented 2 months ago

@JurajNyiri I am using this other custom component repository as well and today I noticed it disconnected some of my Tapo devices, upon research some people reported issues in their issues and the problem was fixed with version 3.1.0. I updated the component today and is working fine, I am using the very same creds I am using with your component, you can maybe take something from there or just take a look

Disclaimer: I am not advertising the other repository at all just providing some help to get the issue fixed ASAP

JurajNyiri commented 2 months ago

@petretiandrea any idea if this might be related? I know your integration uses different communication method completely.

scetu commented 2 months ago

I have 3x C200 with 1.3.11 since December (https://github.com/JurajNyiri/HomeAssistant-Tapo-Control/issues/472#issuecomment-1845959412) with blocked DNS (only NTP is enabled - otherwise they are in zombie state) and so far no major issues.

reypm commented 2 months ago

> with blocked DNS (only NTP is enabled - otherwise they are in zombie state)

@scetu what does this mean? is there a guide for this?

JurajNyiri commented 2 months ago

Blocking the access after having the issue will not help — and I am not sure if it helps at all even when not having issue as the update might be pushed through the app. In order to use the camera you will either need to wait or follow steps in main post in this issue - downgrade firmware.

jjvelar commented 2 months ago

Hi @JurajNyiri I have 1.3.9 firmware but no issues with integration version 5.4.17. Should I then update the integration to version 5.4.17PSA? Thanks,

José

JurajNyiri commented 2 months ago

5.4.17PSA has nothing new. It’s a way to get the information to the end users and help them prevent having issues. You will soon be affected most probably unless it is fixed by then.

mbentancour commented 2 months ago

Thanks for pushing the PSA as an "update". I would have missed this if it wasn't for it. I block internet access to all my cameras but from time to time I update the firmware just to keep them up-to-date. It would be a lot of work to factory reset them just to get them to work again.

I see you have the "help wanted" tag, I have a C200 that I can use for testing, and I might be able to do some python debugging if that helps.

scetu commented 2 months ago

> > with blocked DNS (only NTP is enabled - otherwise they are in zombie state)
>
> @scetu what does this mean? is there a guide for this?

Use AdGuard Home or Pi-Hole and add custom rules for filtering

||tplinknbu.com^$important
||iot.i.tplinknbu.com^$important
||tplinkcloud.com^$important

jsapede commented 2 months ago

Hello, my cameras are C210 1.3.13 but fully blocked internet since some weeks. Still working at this time. Is there a documented procedure and firmware resource for downgrade?

jakwarrior commented 2 months ago

Thanks for this "update", I would have missed the issue without it. I'm using a Tapo C200 with firmware 1.3.9 Build 231019 according to the integration. I've just blocked updates with AdGuard filters, and I haven't launched the Android app. So far, everything is still working perfectly.

petretiandrea commented 2 months ago

> @petretiandrea any idea if this might be related? I know your integration uses different communication method completely.

Hi, actually I'm not calling the "cloud", so no "cloud password". My integration is completely based on local communication. My library is using KLAP protocol

Write commented 2 months ago

> > > with blocked DNS (only NTP is enabled - otherwise they are in zombie state)
> >
> > @scetu what does this mean? is there a guide for this?
>
> Use AdGuard Home or Pi-Hole and add custom rules for filtering
>
> ||tplinknbu.com^$important
> ||iot.i.tplinknbu.com^$important
> ||tplinkcloud.com^$important

Just to be entirely precise: this doesn't block their internet access per se, if the firmware contains direct IP address Pi-Hole won't be able to block it. Hence, why I'd try to block their internet access at the router level. Most consumer routers from ISPs come with a "child protection mode" to block internet from specific devices at specific time, which is what I would do if I didn't have a "true" configurable router.

However, this would also block NTP (Server to which the device request to, to get current time and date) requests too.

That's the solution I use at my mom's house, and it works perfectly fine, with an automation to force sync date / time from HA to Tapo devices.

alias: "camera : Sync Tapo Time"
description: ""
trigger:
  - platform: time_pattern
    minutes: /5
condition: []
action:
  - service: button.press
    data: {}
    target:
      entity_id:
        - button.tapo_salon_sync_time
        - button.tapo_entree_sync_time
mode: single

PeteDenmark commented 2 months ago

Mine are still working (well - as "well" as they always have).

Have now blocked their internet access in my router, just because there is no need for them to have internet access.

Cams: Tapo C200 (two of them)
App version: 3.2.976
Firmware: 1.3.13 Build 240327 Rel.63336n(4555)
Hardware: 3.0
Android
Haos
WebRTC for streaming

sgurgul commented 2 months ago

I believe accessing (or not) cameras from mobile Tapo application might explain why some cameras still operate well.

I manage 3 locations with different set of users, all having same Tapo C100/C110 cameras, with same firmware versions (1.3.9 & 1.3.11, depending on the camera model).

Two locations are "broken" since last few days - HA claiming authorization errors. 3rd one still works smoothly.

The difference is that in two broken locations users use Android Tapo application to monitor cameras. 3rd location is only integrated with HA. I made some experiments in this 3rd location - resetting camera, resetting HA, even removing and adding integration in HA - everything still works smoothly.

All locations & cameras have Internet access so this factor does not seem to explain the phenomenon in my case.

Zackptg5 commented 2 months ago

I have a C210 that's been updated to 1.3.11 and it's been working fine, maybe only some devices are affected

LeOS-GSI commented 2 months ago

I'm using a C200 with 1.3.13 firmware and I'm using no cloud, all running only local. So why do I need this 'cloud' password which I don't have ?

What can I do to get the camera back in my HA ?

The camera is shown fine in Tapo app on my Android devices

Write commented 2 months ago

> I'm using a C200 with 1.3.13 firmware and I'm using no cloud, all running only local. So why do I need this 'cloud' password which I don't have ?
>
> What can I do to get the camera back in my HA ?
>
> The camera is shown fine in Tapo app on my Android devices

Rollback their firmware as stated in the first post. He is still investigating the issue.

LeOS-GSI commented 2 months ago

> > I'm using a C200 with 1.3.13 firmware and I'm using no cloud, all running only local. So why do I need this 'cloud' password which I don't have ? What can I do to get the camera back in my HA ? The camera is shown fine in Tapo app on my Android devices
>
> Rollback their firmware as stated in the first post. He is still investigating the issue.

OK; but .... there is no way to downgrade, because there is no firmware archive available for my device

scetu commented 2 months ago

> > > I'm using a C200 with 1.3.13 firmware and I'm using no cloud, all running only local. So why do I need this 'cloud' password which I don't have ? What can I do to get the camera back in my HA ? The camera is shown fine in Tapo app on my Android devices
> >
> > Rollback their firmware as stated in the first post. He is still investigating the issue.
>
> OK; but .... there is no way to downgrade, because there is no firmware archive available for my device

You can follow downgrade process from here https://github.com/nervous-inhuman/tplink-tapo-c200-re/issues/4
Here is actual list of firmwares https://github.com/nervous-inhuman/tplink-tapo-c200-re/issues/4#issuecomment-1774137539

I went through it previously

LeOS-GSI commented 2 months ago

> > > > I'm using a C200 with 1.3.13 firmware and I'm using no cloud, all running only local. So why do I need this 'cloud' password which I don't have ? What can I do to get the camera back in my HA ? The camera is shown fine in Tapo app on my Android devices
> > >
> > > Rollback their firmware as stated in the first post. He is still investigating the issue.
> >
> > OK; but .... there is no way to downgrade, because there is no firmware archive available for my device
>
> You can follow downgrade process from here nervous-inhuman/tplink-tapo-c200-re#4 Here is actual list of firmwares nervous-inhuman/tplink-tapo-c200-re#4 (comment)
>
> I went through it previously

THX, but I own a v3.20. And the firmware is for v1

andrewleech commented 2 months ago

I've just got a C120 and was expecting to run into this issue as we want to use tapo app as well as HA. When setting up the app as a new user, the wizard highlighted that the camera should have its firmware updated and let me pick a time for the auto-update to happen. It also alerted me to where in the app device settings I could disable auto firmware update.

So yes, firmware update is scheduled by the app, and can be turned off.

Edit: sorry these screenshots are large, feel free to hide them but I thought it might be useful for others to see how to turn off firmware updates if they haven't got the new version already, or for after a downgrade.

Side note, I am a python developer and work on other home assistant integrations already. If I was to let my app upgrade the rather old firmware and the integration broke, do you have thoughts on what sort of work / help would be required to get this fixed properly?

Edited (JN): Made images smaller.

JurajNyiri commented 2 months ago

Automatic updates can be also simply turned off via HA:

[image: Screenshot 2024-04-17 at 16 14 11]

@andrewleech if you would like to help please reach out to me on discord and if you are able to replicate the issue I can guide you on how we can debug this and fix. I am currently stuck not affected unfortunately so I cannot do anything. No news from TPLink as well.

fredericomcorda commented 2 months ago

So I just bought the C200 v3, I knew about HACS integration then I just setup everything and let the FW update. Then I saw this issue. I've followed the downgrade process, but I still have the "cloud authentication error". Let me know if I can provide more info, and thanks for this awesome work.

Operating System: iOS
App version: 3.3.107 (TAPO APP)
Camera: C200 v3
Firmware version: 1.3.8 (downgraded from 1.3.13 to > Tapo_C200v3_en_1.3.8_Build_230921_Rel.14633n_up_boot-signed_1695870480542)

JurajNyiri commented 2 months ago

If you have downgraded you will also need to remove the camera from your account, factory reset, add back to your account and ensure you are entering correct credentials.

If it does not work try downgrading further and let us know which firmware worked so that we know which firmwares are affected as this is currently not verified.

jonasa90 commented 2 months ago

I also have a Tapo C210. In my case, the newest firmware which is working is the 1.3.7. First I have tried 1.3.8, but still had a "cloud authentication error". With 1.3.7 everything works like before.

JurajNyiri commented 2 months ago

Thank you @jonasa90 I updated the documentation.

joebar38 commented 2 months ago

Hi, I have this problem with my camera (1.3.11) I would like to help you, but I don't know anything about python... I can't find any firmware for my cam (C210 V1 EU Version) for downgrade :(

therealpanse commented 2 months ago

not sure if that helps, but I just got a C520WS and only saw this thread after installing and updating the FW. Got the same error. Right now, it's displaying Version 1.2.6 Build 231130 Rel.72992n. That confuses me, since it should be higher, shouldn't it? Or is C520WS not supported anymore? Anyways, it doesn't work anymore (but it did for a brief moment, before it auto-updated)

kankadev commented 2 months ago

The only problem I have is that two entities of my Tapo C320WS aren't available anymore.

binary_sensor.c320ws_door_cell_motion_detection
binary_sensor.c320ws_door_noise

I use the first one for many automations.

The error message in Home Assistant GUI is in German: "Diese Entität wird nicht mehr von der Integration tapo_control bereitgestellt. Wenn die Entität nicht mehr verwendet wird, lösche sie in den Einstellungen."

Translated: This entity is no longer provided by the tapo_control integration. If the entity is no longer used, delete it in the settings.

I need this very bad. There was a firmware update last week. 320WS uses firmware version 1.1.8 Build 231211 Rel.70767n

Everything else works (even other sensors, stream etc.).

JurajNyiri commented 2 months ago

@therealpanse You will need to look at build in your case as the firmware versioning seems different for that camera.

Added instructions about build number as some cameras have different versioning of firmwares.
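The build-number rule from the comment above, as an added Python example that is not part of the integration or pytapo: it parses firmware strings in the form quoted in this thread and compares only the build against 230921 from the issue title. The function names, camera labels and the two constructed strings are assumptions for the example, and "in-range" only means the build falls in the reported range, since the thread notes that not every camera in it is affected.

```python
import re
from typing import Dict, NamedTuple, Optional

# Threshold from the issue title: build 230921 and higher is the reported range.
REPORTED_FROM_BUILD = 230921

# Firmware strings as quoted in this thread, e.g.
#   "1.3.11 Build 231117 Rel. 47346n(5553)"
#   "Tapo_C200v3_en_1.3.8_Build_230921_Rel.14633n_up_boot-signed_..."
_FW_RE = re.compile(
    r"(?P<version>\d+\.\d+\.\d+)"            # dotted version, differs per model
    r"[ _]Build[ _](?P<build>\d{6})"         # six-digit build number
    r"(?:[ _]Rel\.\s?(?P<rel>\d+[a-z]?))?",  # optional release tag
    re.IGNORECASE,
)


class Firmware(NamedTuple):
    version: str
    build: int
    rel: Optional[str]


def parse_firmware(text: str) -> Optional[Firmware]:
    """Return the parsed firmware, or None when no build number is present."""
    m = _FW_RE.search(text)
    if m is None:
        return None
    return Firmware(m.group("version"), int(m.group("build")), m.group("rel"))


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each camera label to 'in-range', 'below' or 'unknown'.

    The decision uses the build only; the dotted version is ignored because
    models number their versions differently. 'unknown' means the string had
    no build number, so the camera's firmware page has to be checked by hand.
    """
    result = {}
    for name, fw_string in inventory.items():
        fw = parse_firmware(fw_string)
        if fw is None:
            result[name] = "unknown"
        elif fw.build >= REPORTED_FROM_BUILD:
            result[name] = "in-range"
        else:
            result[name] = "below"
    return result


# Camera labels are hypothetical. The first three strings are quoted from
# comments in this thread; the last two are constructed for the example.
INVENTORY = {
    "c110_hall": "1.3.11 Build 231117 Rel. 47346n(5553)",
    "c520ws_yard": "1.2.6 Build 231130 Rel.72992n",
    "c200_file": "Tapo_C200v3_en_1.3.8_Build_230921_Rel.14633n_up_boot-signed_1695870480542",
    "c200_old": "1.3.7 Build 230627 Rel.11111n",  # constructed build number
    "c210_no_build": "1.3.13",                     # version only, no build
}

if __name__ == "__main__":
    for camera, status in triage(INVENTORY).items():
        print(f"{camera}: {status}")
```

The C520WS entry shows why the build is the field to compare: its version 1.2.6 is lower than 1.3.8, yet its build is inside the reported range.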

Matthew2705 commented 2 months ago

I have a Tapo C200 in my garage. Before the update I could use the entities for motion detection started/stopped to turn on/off my garage lights. Those entities are no longer available? Or am I missing something?


kankadev commented 2 months ago

> I have a Tapo C200 in my garage. Before the update I could use the entities for motion detection started/stopped to turn on/off my garage lights. Those entities are no longer available? Or am I missing something?

Have the same problem but it's marked as off topic although I think it's relevant to this topic.

JurajNyiri commented 2 months ago

> Have the same problem but it's marked as off topic although I think it's relevant to this topic.

It’s not relevant to this topic at all and is documented in dozens of duplicate issues of people not reading readme and faq where it is explained.

Matthew2705 commented 2 months ago

Can you point me in the right direction?

I don't know how GitHub works and I'm still fairly new to HA when it comes to these things.

On Sat, 20 Apr 2024, 09:09 Juraj Nyíri, @.***> wrote:

> It’s not relevant to this topic at all and is documented in dozens of duplicate issues of people not bothering to read readme and faq where it is explained.


reypm commented 2 months ago

@Matthew2705 read here please, @JurajNyiri has described all the steps that should be followed there

reypm commented 2 months ago

@JurajNyiri a few notes, I have factory reset my Tapo C110, changed the password and also double-checked that 2FA is disabled, and the integration is still not working fine. At this point, I don't know if the issue is coming from HA 2024.4.3 or your integration. I have tested the stream and it is working fine:

[image: CleanShot 2024-04-20 at 10 03 27@2x]

To display the camera in my HA I am using this WebRTC integration but it stopped working and I am not sure why because the same URL for the stream does work in VLC as shown above.

This is my configuration for the above integration:

type: custom:webrtc-camera
url: rtsp://<my_email_address>:<my_cloud_password>@192.168.11.65:554/stream1
muted: true
background: true
mode: webrtc,mse,mp4,mjpeg
digital_ptz:
  mouse_drag_pan: false
  mouse_wheel_zoom: false
  mouse_double_click_zoom: true
  touch_drag_pan: false
  touch_pinch_zoom: true
  touch_tap_drag_zoom: false
  persist: false

I am not sure if this helps somehow but if you need me to do some testing or debug ping me. Right now my camera is useless and I am trying to help as much as I can with this issue so it gets fixed

JurajNyiri commented 2 months ago

You need to downgrade firmware according to first post in this issue.

Matthew2705 commented 2 months ago

Okay I have fixed the issue by going back to the previous beta version. Works like a charm again! Thanks for all the hard work you put into this addon

On Sat, 20 Apr 2024, 17:10 Juraj Nyíri, @.***> wrote:

> You need to downgrade firmware according to first post in this issue.


reypm commented 2 months ago

@JurajNyiri I can’t find how to downgrade to 1.3.8 and it is not in the first post as you mentioned - unless I am missing something, can you point me in the right direction?

xandalo commented 2 months ago

I was able to reconnect mine (Firmware: 1.1.9 Build 240223 Rel.56143n)

notacircle commented 2 months ago

I have 5 - C100 (1.3.9 Build 231019 Rel.40264n(4555)) and 3 - C110 (1.3.11 Build 231117 Rel.47346n(4555)) connected from Russia

have no problems

reypm commented 2 months ago

okay, I was able to get it working by:

  1. Factory reset the camera (it remains with 1.3.11 Build 231117 firmware since I could not find a way to downgrade the firmware)
  2. Entirely block Internet access for the camera
  3. Reinstalled the component (this component)
  4. Re-added the camera (by reinstalling the component it removes the old config)

The camera is working fine, from HA, the stream is ok, and from the app. Try the above steps in case it is still not working for you
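A way to confirm that step 2 actually holds, as an added Python example that is not from this thread or the integration: it reads router firewall log lines and reports every flow from the camera that leaves the local network, which also covers connections to hard-coded IP addresses that DNS filtering alone would not see. The log lines are constructed (key=value fields in the style of netfilter LOG output, assumed to record forwarded connections), and the addresses and function names are assumptions for the example.

```python
import ipaddress
from collections import Counter

# RFC 1918 ranges are listed explicitly so that the documentation addresses
# used below as stand-ins for internet hosts are not counted as local.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines. 192.168.11.65 stands in for the camera;
# 203.0.113.10 and 198.51.100.7 are documentation addresses.
SAMPLE_LOG = [
    "IN=br0 OUT= SRC=192.168.11.65 DST=192.168.11.1 PROTO=UDP SPT=40112 DPT=53",
    "IN=br0 OUT=eth0 SRC=192.168.11.65 DST=203.0.113.10 PROTO=TCP SPT=51544 DPT=443",
    "IN=br0 OUT=eth0 SRC=192.168.11.65 DST=198.51.100.7 PROTO=UDP SPT=123 DPT=123",
    "IN=br0 OUT= SRC=192.168.11.65 DST=239.255.255.250 PROTO=UDP SPT=3702 DPT=3702",
    "IN=br0 OUT=eth0 SRC=192.168.11.20 DST=203.0.113.10 PROTO=TCP SPT=50000 DPT=443",
    "IN=br0 OUT=eth0 SRC=192.168.11.65 DST=203.0.113.10 PROTO=TCP SPT=51560 DPT=443",
    "garbage line without fields",
]


def parse_fields(line):
    """Split a log line into its KEY=value fields; other tokens are ignored."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def classify(dst, proto, dport):
    """Return 'local', 'ntp' or 'internet' for one destination."""
    ip = ipaddress.ip_address(dst)  # raises ValueError on a malformed address
    if (ip.is_multicast or ip.is_loopback or ip.is_link_local
            or dst == "255.255.255.255" or any(ip in net for net in RFC1918)):
        return "local"
    if proto == "UDP" and dport == "123":
        return "ntp"  # time sync to an internet server
    return "internet"


def audit_camera_egress(lines, camera_ip):
    """Summarise where the camera talked to, according to the log lines."""
    counts = Counter()
    internet = Counter()
    for line in lines:
        f = parse_fields(line)
        if f.get("SRC") != camera_ip or "DST" not in f:
            continue  # other devices and unparsable lines
        try:
            kind = classify(f["DST"], f.get("PROTO", ""), f.get("DPT", ""))
        except ValueError:
            continue
        counts[kind] += 1
        if kind == "internet":
            internet[(f["DST"], f.get("PROTO"), f.get("DPT"))] += 1
    return {
        "counts": dict(counts),
        "internet": dict(internet),
        # Isolated means nothing left the LAN, NTP included.
        "isolated": counts["internet"] == 0 and counts["ntp"] == 0,
    }


if __name__ == "__main__":
    print(audit_camera_egress(SAMPLE_LOG, "192.168.11.65"))
```

Once the camera is fully blocked, the NTP count drops to zero as well, which is the situation the time-sync automation earlier in the thread is meant to cover.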

joebar38 commented 2 months ago

> okay, I was able to get it working by:
>
>   1. Factory reset the camera (it remains with 1.3.11 Build 231117 firmware since I could not find a way to downgrade the firmware)
>   2. Entirely block Internet access for the camera
>   3. Reinstalled the component (this component)
>   4. Re-added the camera (by reinstalling the component it removes the old config)
>
> The camera is working fine, from HA, the stream is ok, and from the app. Try the above steps in case it is still not working for you

Thanks a lot for your feedback, my C210 works !! I have blocked my C210 with AdGuard and I followed your procedure and all functions work !

JurajNyiri commented 2 months ago

> @JurajNyiri I can’t find how to downgrade to 1.3.8 and it is not in the first post as you mentioned - unless I am missing something, can you point me in the right direction?

It's described here - https://github.com/JurajNyiri/HomeAssistant-Tapo-Control/issues/551#issuecomment-2061039421

But your solution might be even better for users who do not want to use tapo app remotely.