Vulnerabilites related to tp-link - tapo
cve-2023-38908
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-08-02 17:54
Severity ?
EPSS score ?
Summary
An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:54:39.219Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", }, { tags: [ "x_transferred", ], url: "https://arxiv.org/abs/2308.09019", }, { tags: [ "x_transferred", ], url: "https://arxiv.org/pdf/2308.09019.pdf", }, { tags: [ "x_transferred", ], url: "https://www.scitepress.org/Papers/2023/120929/120929.pdf", }, { tags: [ "x_transferred", ], url: "https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-07T14:18:59.022586", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", }, { url: "https://arxiv.org/abs/2308.09019", }, { url: "https://arxiv.org/pdf/2308.09019.pdf", }, { url: "https://www.scitepress.org/Papers/2023/120929/120929.pdf", }, { url: "https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-38908", datePublished: "2023-08-22T00:00:00", dateReserved: "2023-07-25T00:00:00", dateUpdated: "2024-08-02T17:54:39.219Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38909
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-08-02 17:54
Severity ?
EPSS score ?
Summary
An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:54:39.599Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", }, { tags: [ "x_transferred", ], url: "https://arxiv.org/abs/2308.09019", }, { tags: [ "x_transferred", ], url: "https://arxiv.org/pdf/2308.09019.pdf", }, { tags: [ "x_transferred", ], url: "https://www.scitepress.org/Papers/2023/120929/120929.pdf", }, { tags: [ "x_transferred", ], url: "https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-07T14:26:21.306503", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", }, { url: "https://arxiv.org/abs/2308.09019", }, { url: "https://arxiv.org/pdf/2308.09019.pdf", }, { url: "https://www.scitepress.org/Papers/2023/120929/120929.pdf", }, { url: "https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-38909", datePublished: "2023-08-22T00:00:00", dateReserved: "2023-07-25T00:00:00", dateUpdated: "2024-08-02T17:54:39.599Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38907
Vulnerability from cvelistv5
Published
2023-09-25 00:00
Modified
2024-08-02 17:54
Severity ?
EPSS score ?
Summary
An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:54:39.232Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", }, { tags: [ "x_transferred", ], url: "https://arxiv.org/abs/2308.09019", }, { tags: [ "x_transferred", ], url: "https://www.scitepress.org/Papers/2023/120929/120929.pdf", }, { tags: [ "x_transferred", ], url: "https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-07T14:31:52.486653", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", }, { url: "https://arxiv.org/abs/2308.09019", }, { url: "https://www.scitepress.org/Papers/2023/120929/120929.pdf", }, { url: "https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-38907", datePublished: "2023-09-25T00:00:00", dateReserved: "2023-07-25T00:00:00", dateUpdated: "2024-08-02T17:54:39.232Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-34829
Vulnerability from cvelistv5
Published
2023-12-28 00:00
Modified
2024-08-02 16:17
Severity ?
EPSS score ?
Summary
Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:17:04.158Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/SecureScripts/TP-Link_Tapo_Hack", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T02:50:46.930266", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/SecureScripts/TP-Link_Tapo_Hack", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-34829", datePublished: "2023-12-28T00:00:00", dateReserved: "2023-06-07T00:00:00", dateUpdated: "2024-08-02T16:17:04.158Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-27098
Vulnerability from cvelistv5
Published
2024-01-09 00:00
Modified
2024-08-02 12:01
Severity ?
EPSS score ?
Summary
TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:01:32.348Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "http://tp-link.com", }, { tags: [ "x_transferred", ], url: "http://tp-lin.com", }, { tags: [ "x_transferred", ], url: "https://www.tp-link.com/support/contact-technical-support/#LiveChat-Support", }, { tags: [ "x_transferred", ], url: "https://github.com/c0d3x27/CVEs/tree/main/CVE-2023-27098", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-09T01:10:11.743490", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "http://tp-link.com", }, { url: "http://tp-lin.com", }, { url: "https://www.tp-link.com/support/contact-technical-support/#LiveChat-Support", }, { url: "https://github.com/c0d3x27/CVEs/tree/main/CVE-2023-27098", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-27098", datePublished: "2024-01-09T00:00:00", dateReserved: "2023-02-27T00:00:00", dateUpdated: "2024-08-02T12:01:32.348Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38906
Vulnerability from cvelistv5
Published
2023-08-21 00:00
Modified
2024-08-02 17:54
Severity ?
EPSS score ?
Summary
An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:54:39.265Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", }, { tags: [ "x_transferred", ], url: "https://arxiv.org/abs/2308.09019", }, { tags: [ "x_transferred", ], url: "https://www.scitepress.org/Papers/2023/120929/120929.pdf", }, { tags: [ "x_transferred", ], url: "https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-07T14:37:00.745727", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", }, { url: "https://arxiv.org/abs/2308.09019", }, { url: "https://www.scitepress.org/Papers/2023/120929/120929.pdf", }, { url: "https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-38906", datePublished: "2023-08-21T00:00:00", dateReserved: "2023-07-25T00:00:00", dateUpdated: "2024-08-02T17:54:39.265Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2023-08-22 01:15
Modified
2024-11-21 08:14
Severity ?
Summary
An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | tapo | 2.8.14 | |
| tp-link | tapo_l530e_firmware | 1.0.0 | |
| tp-link | tapo_l530e | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tp-link:tapo:2.8.14:*:*:*:*:*:*:*", matchCriteriaId: "D392C8A7-8A3F-490A-90B5-F7D7BFDC7F72", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:tapo_l530e_firmware:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "0427C4E5-322A-40F0-AA88-2FF57A32885F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:tapo_l530e:-:*:*:*:*:*:*:*", matchCriteriaId: "49091A2E-84FF-4A44-87EE-2BA8C366BE51", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function.", }, { lang: "es", value: "Un problema en TPLink Smart bulb Tapo series L530 v.1.0.0 y la aplicación Tapo v.2.8.14 permite a un atacante remoto obtener información confidencial a través de la función de autenticación TSKEP.", }, ], id: "CVE-2023-38908", lastModified: "2024-11-21T08:14:25.427", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-22T01:15:08.153", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://arxiv.org/abs/2308.09019", }, { source: "cve@mitre.org", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://arxiv.org/pdf/2308.09019.pdf", }, { source: "cve@mitre.org", url: "https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/", }, { source: "cve@mitre.org", url: "https://www.scitepress.org/Papers/2023/120929/120929.pdf", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://arxiv.org/abs/2308.09019", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://arxiv.org/pdf/2308.09019.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.scitepress.org/Papers/2023/120929/120929.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-22 00:15
Modified
2024-11-21 08:14
Severity ?
Summary
An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | tapo | 2.8.14 | |
| tp-link | tapo_l530e_firmware | 1.0.0 | |
| tp-link | tapo_l530e | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tp-link:tapo:2.8.14:*:*:*:*:*:*:*", matchCriteriaId: "D392C8A7-8A3F-490A-90B5-F7D7BFDC7F72", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:tapo_l530e_firmware:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "0427C4E5-322A-40F0-AA88-2FF57A32885F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:tapo_l530e:-:*:*:*:*:*:*:*", matchCriteriaId: "49091A2E-84FF-4A44-87EE-2BA8C366BE51", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message.", }, { lang: "es", value: "Un problema en la bombilla inteligente TP Link Tapo serie L530 v.1.0.0 y la aplicación Tapo v.2.8.14 permite a un atacante remoto obtener información confidencial a través del código de autenticación para el mensaje UDP.", }, ], id: "CVE-2023-38906", lastModified: "2024-11-21T08:14:25.103", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-22T00:15:07.920", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://arxiv.org/abs/2308.09019", }, { source: "cve@mitre.org", url: "https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/", }, { source: "cve@mitre.org", url: "https://www.scitepress.org/Papers/2023/120929/120929.pdf", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://arxiv.org/abs/2308.09019", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.scitepress.org/Papers/2023/120929/120929.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-09 02:15
Modified
2024-11-21 07:52
Severity ?
Summary
TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tp-link:tapo:*:*:*:*:*:android:*:*", matchCriteriaId: "C9EB199F-FE2B-4E4B-B74E-C6B0A2D55AA7", versionEndExcluding: "2.11.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:tapo_c200:-:*:*:*:*:*:*:*", matchCriteriaId: "91B3D3B3-6E31-4F14-8DF5-0E3519C29DFD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.", }, { lang: "es", value: "TP-Link Tapo APK hasta v2.12.703 utiliza credenciales codificadas para acceder al panel de inicio de sesión.", }, ], id: "CVE-2023-27098", lastModified: "2024-11-21T07:52:19.290", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-09T02:15:44.113", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://tp-lin.com", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "http://tp-link.com", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/c0d3x27/CVEs/tree/main/CVE-2023-27098", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://www.tp-link.com/support/contact-technical-support/#LiveChat-Support", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://tp-lin.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "http://tp-link.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/c0d3x27/CVEs/tree/main/CVE-2023-27098", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://www.tp-link.com/support/contact-technical-support/#LiveChat-Support", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-312", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-22 01:15
Modified
2024-11-21 08:14
Severity ?
Summary
An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://arxiv.org/abs/2308.09019 | Third Party Advisory | |
| cve@mitre.org | https://arxiv.org/pdf/2308.09019.pdf | Exploit, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/ | ||
| cve@mitre.org | https://www.scitepress.org/Papers/2023/120929/120929.pdf | ||
| cve@mitre.org | https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://arxiv.org/abs/2308.09019 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://arxiv.org/pdf/2308.09019.pdf | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.scitepress.org/Papers/2023/120929/120929.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | tapo | 2.8.14 | |
| tp-link | tapo_l530e_firmware | 1.0.0 | |
| tp-link | tapo_l530e | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tp-link:tapo:2.8.14:*:*:*:*:*:*:*", matchCriteriaId: "D392C8A7-8A3F-490A-90B5-F7D7BFDC7F72", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:tapo_l530e_firmware:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "0427C4E5-322A-40F0-AA88-2FF57A32885F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:tapo_l530e:-:*:*:*:*:*:*:*", matchCriteriaId: "49091A2E-84FF-4A44-87EE-2BA8C366BE51", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function.", }, { lang: "es", value: "un problema en TPLink Smart bulb Tapo series L530 v.1.0.0 y Tapo Application v.2.8.14 permite a un atacante remoto obtener información sensible a través del componente IV en la función AES128-CBC.", }, ], id: "CVE-2023-38909", lastModified: "2024-11-21T08:14:25.580", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-22T01:15:08.537", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://arxiv.org/abs/2308.09019", }, { source: "cve@mitre.org", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "https://arxiv.org/pdf/2308.09019.pdf", }, { source: "cve@mitre.org", url: "https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/", }, { source: "cve@mitre.org", url: "https://www.scitepress.org/Papers/2023/120929/120929.pdf", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://arxiv.org/abs/2308.09019", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "https://arxiv.org/pdf/2308.09019.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.scitepress.org/Papers/2023/120929/120929.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-25 23:15
Modified
2024-11-21 08:14
Severity ?
Summary
An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | tapo_l530e_firmware | 1.0.0 | |
| tp-link | tapo_l530e | - | |
| tp-link | tapo | 2.8.14 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:tapo_l530e_firmware:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "0427C4E5-322A-40F0-AA88-2FF57A32885F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:tapo_l530e:-:*:*:*:*:*:*:*", matchCriteriaId: "49091A2E-84FF-4A44-87EE-2BA8C366BE51", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tp-link:tapo:2.8.14:*:*:*:*:*:*:*", matchCriteriaId: "D392C8A7-8A3F-490A-90B5-F7D7BFDC7F72", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key.", }, { lang: "es", value: "Un problema en TPLink Smart bulb TPLink Tapo series L530 v.1.0.0 y Tapo Application v.2.8.14 permite a un atacante remoto obtener información sensible a través de la clave de sesión en la función de mensaje.", }, ], id: "CVE-2023-38907", lastModified: "2024-11-21T08:14:25.267", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-25T23:15:09.543", references: [ { source: "cve@mitre.org", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://arxiv.org/abs/2308.09019", }, { source: "cve@mitre.org", url: "https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/", }, { source: "cve@mitre.org", url: "https://www.scitepress.org/Papers/2023/120929/120929.pdf", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://arxiv.org/abs/2308.09019", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.scitepress.org/Papers/2023/120929/120929.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-28 03:15
Modified
2024-11-21 08:07
Severity ?
Summary
Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/SecureScripts/TP-Link_Tapo_Hack | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/SecureScripts/TP-Link_Tapo_Hack | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tp-link:tapo:*:*:*:*:*:*:*:*", matchCriteriaId: "72827595-F645-4D2C-BDFA-F211C1994100", versionEndExcluding: "3.1.315", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext.", }, { lang: "es", value: "El control de acceso incorrecto en TP-Link Tapo anterior a v3.1.315 permite a los atacantes acceder a las credenciales de usuario en texto plano.", }, ], id: "CVE-2023-34829", lastModified: "2024-11-21T08:07:35.777", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-28T03:15:07.587", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/SecureScripts/TP-Link_Tapo_Hack", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/SecureScripts/TP-Link_Tapo_Hack", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-319", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }