❗❗❗Invalid cloud password on firmware build 230921 and higher

[JurajNyiri]

Thread for invalid cloud password on firmware build 230921 and higher

There has been reports of users on firmwares 1.3.8, and newer, or on some cameras other firmwares with build 230921 and newer of integration stopping to work. This shows as cloud password not being accepted.

I have been in touch with tplink regarding a security vulnerability I reported in the past and this is most probably a fix for it.

This currently only affects some users, not all and most probably requires camera to be connected to the internet in order to receive the update for authorization, given that it affects older firmwares as well, or possibly an interaction with the official app.

I have a solution and I am waiting for a permission for integration to connect to cloud.

Users reported this problem in numerous issues, this issue will serve for tracking the progress on the fix and group all the conversation under one issue.

Workarounds

If you need to use the camera with this integration until this is resolved you can either:

1. If your camera still works with integration: Block internet access of camera and stop using the official phone app temporarily if you are using firmware 1.3.8 (or build 230921 and higher)
2. If your camera no longer works with integration: Use older firmware than 1.3.8 (or build 230921) and factory reset camera

This issue has been locked due to too many users ignoring the request to read first before posting duplicate and off topic content after more than 3 warnings.

This post will stay uptodate with the most recent updates below.

2024-04-11:

First report of the issue at https://github.com/JurajNyiri/HomeAssistant-Tapo-Control/issues/549

2024-04-12:

Second report of the issue at https://github.com/JurajNyiri/HomeAssistant-Tapo-Control/issues/550 along with more users confirming the issue.

2024-04-13:

This thread has been created.

From my side, I have unblocked one of my camera on the latest firmware to reach the internet, so that hopefully I can get this update soon and work on a fix. I hope TPLink will provide detailed instructions on what has been changed so that I can work on a fix.

2024-04-19:

Added instructions about build number as some cameras have different versioning of firmwares.

I reached out to TP-Link after 7 days for any updates.

2024-04-23:

@reypm found a solution how to workaround this issue without downgrading the firmware:

1. Factory reset the camera (it remains with 1.3.11 Build 231117 firmware since I could not find a way to downgrade the firmware)
2. Entirely block Internet access for the camera
3. Reinstalled the component (this component)
4. Re-added the camera (by reinstalling the component it removes the old config)

TPLink is working on providing me with the solution, got a reply today that I need to wait a bit more.

2024-05-08:

I have some very good news and a little bit of concerning news.

Good news:

1. Today I was finally affected with this on one of my cameras which allowed me to conduct research and I spent my whole day working on that.
2. I now know how to solve this, I just need to figure out some of the remaining details and implement the changes which should not take more than a few weekends of active work. There is a lot of work involved but it can be done and I now know roughly how.

Now the concerning news:

1. Integration will need to interact with tplink cloud to get the new password. This is possibly a one time job, but I do not know yet, it might expire and get a new password if it no longer works. I will need to find a way to detect this as well but thats just a little detail.
2. Due to integration's need to interact with TPLink cloud I have reached out to TPLink for their permission. If they refuse, there is no way how to implement this unless someone else makes a script to extract the pwd AND the pwd does not change, ever. Which would also make the set up harder for everyone.

2024-05-15:

See https://github.com/JurajNyiri/HomeAssistant-Tapo-Control/issues/551#issuecomment-2111341474

2024-05-18:

See https://github.com/JurajNyiri/HomeAssistant-Tapo-Control/issues/551#issuecomment-2118381739

2024-05-29:

See https://github.com/JurajNyiri/HomeAssistant-Tapo-Control/issues/551#issuecomment-2137323663

2024-06-25:

See https://github.com/JurajNyiri/HomeAssistant-Tapo-Control/issues/551#issuecomment-2189695781

2024-07-03:

See https://github.com/JurajNyiri/HomeAssistant-Tapo-Control/issues/551#issuecomment-2205580658

[mariobrosch]

is there any response from TPLink or should we use other resources to get a reply? For example asking the crowd for help with anyone resources at TPLink?

Really want the integration back to work because now I miss weeks of pictures for my timelapse :(

[JurajNyiri]

I sent a request for an update on Monday 27.05.2024 after 12 days of no additional updates. The last update I have is from 15.05.2024 that they are deciding.

[Ector73]

I sent a request for an update on Monday 27.05.2014 after 12 days of no additional updates. The last update I have is from 15.05.2014 that they are deciding.

2024? ......otherwise I'll start to worry :-) In any case, I downgraded the firmware and everything works perfectly on my two c200...waiting for..

[JurajNyiri]

I got another update from TPLink. (Deleting above recent update since it has less / duplicate info to keep this thread clean).

TPLink is preparing a new cloud API endpoint for this integration in order to get the cloud token without the need to go through their cloud exactly like the app and my currently prepared solution.

They estimate this will be done by end of June but they are not certain and the deadline might change.

This is good and bad news for us.

It means we will have to wait longer for a solution and all the work (weeks) I spent working on it is now not going to be able to be used and released for everyone here, which makes me sad, but I learned a lot in the process.

However, this is also very good in my opinion. It means, they are indeed trying to keep this integration working well. Which is in my opinion very good news for open source and TP-Link products and their customers. To me, it shows their intent to work with open source projects and open home. It also means, whatever solution they prepare will be official, will not break unintentionally and will be above board, which makes this integration more stable in the future.

What to do now?

For the affected users, at this point your option is to downgrade the firmware if you wish to use this integration in the meantime.

If you are not affected with this issue yet, and are running the recent firmware higher than build 230921 block internet access of the camera now.

Next steps

Once I receive an update from TPLink I will work on integrating it and releasing it ASAP. If I do not get an update by July 1st, I will send a reminder.

[bucker00]

Oh man, I feel for ya - appreciate all your hard work on this!

[MLammerding]

Thx a lot for your work!👍🏻🚀 Is there a chance to update the list of the old firmwares? The latest list is 7 month old now Thx in advance!✌🏻

[JurajNyiri]

@MLammerding these are not tracked or maintained by me. I do not know where and how the author got them. In any case, you do not want firmware newer than 7 months for this integration. You need build before 230921.

[fredrikhaggbom]

Thanks for your work @JurajNyiri! Much appreciated, and I think an official interface from TP-link is best in the long run.

Not sure this has been mentioned before (at least it wasn't clear to me), but the downgrade process was very easy and I didn't need to factory reset the camera (which means I didn't have to reconfigure anything, all settings was preserved after the downgrade). The process I did (with my two C320WS cameras):

1. Downgraded according the process described above.
2. Rebooted camera. All settings was still there and I was able to connect to it in the Tapo-app as before.
3. Reauthorised the camera in this integration in Home-assistant. Nothing else was changed (same entity names and so on).
4. Disabled the auto-update feature for the cameras in the Tapo-app to prevent it from automatically update the cameras firmware.

[JurajNyiri]

Edit: @MikeDeltaHH deleted the comment above after getting my response, asking about his ticket being closed incorrectly after notifying all the users through email watching this issue, then posted another "me too" comment below after being asked twice not to do that.

@MikeDeltaHH It was closed correctly. Check build number. Different cameras have different versioning for firmware.

As the comment said, follow instructions and do not post "me too" comments, as everyone gets notified, thank you.

[MikeDeltaHH]

@JurajNyiri Thanks for the info and your support! My firmware is old compared to the one described here but the build is 231214 so it probably has the same cause...

[DaveAuld]

TIP: While we wait for the solution, if you don't want to go through the hassle of downgrading all the cameras, you can always use the ONVIF integration then in your dashboards, comment out your existing Tapo entities and replace with the ONVIF equivalent The camera username and password remains the same when configuring the ONVIF devices and the port is 2020. I have just switched over 6 cameras doing this, and will at least give me the feeds from the cameras for the time being.

[dwkirw]

I wouldn't recommend trying the downgrade.
I've got a C520WS and a C220 that are now bricked. Not a happy camper.

[GRClark]

Late to the issue as the problem just hit my cameras last night so forgive me trying to catch up... How do you know which firmware to select from the list? Know my model number and hardware version as well to select before version 1.3.8 but which build number and what does the rollback mean at the end of some of them?

https://raw.githubusercontent.com/tapo-firmware/Directory/main/all_keys.txt

[TheHomieFox]

@GRClark I have several C100 cameras and I can confirm that firmware version 1.1.15 Build 211130 Rel.15378n(4555) works flawlessly with the integration. I have internet access blocked entirely for my cameras, and I use the local account on each camera. I wasn't aware of that list. Could you please share details as to how to downgrade the firmware on a camera?

[GRClark]

@GRClark I have several C100 cameras and I can confirm that firmware version 1.1.15 Build 211130 Rel.15378n(4555) works flawlessly with the integration. I have internet access blocked entirely for my cameras, and I use the local account on each camera.

I wasn't aware of that list. Could you please share details as to how to downgrade the firmware on a camera?

@TheHomieFox I'm going to try going by these directions, seem simple enough but unsure if this'll reset the camera and set it up again or just rolls back firmware and continues working as it should.

https://github.com/nervous-inhuman/tplink-tapo-c200-re/issues/4#issuecomment-1030056785

[JurajNyiri]

Unfortunately I was forced to lock this due to too many off topic and duplicate posts sending notifications out to everyone watching this issue. This was after more than 3 warnings were sent previously and users ignoring these.

Every information you need regarding this issue is in the main post at the top.

If you have anything new and valuable to share feel free to email me.

[JurajNyiri]

I saw an increase of messages on Discord talking about inactivity on this issue.

If you are wondering what is new, I am waiting for TPLink to send me instructions about endpoint they are developing specifically for this and this integration that should be done around end of June the last I heard from them.

See this message for more details and how to get your camera working in the meantime.

[JurajNyiri]

I have sent an email to TPLink asking for an update on the new API endpoint they are developing.