Vulnerabilities > CVE-2023-38906 - Unspecified vulnerability in Tp-Link Tapo and Tapo L530E Firmware

CVSS 6.5 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

low complexity

tp-link

NVD

Published: 2023-08-22

Updated: 2024-05-07

Summary

An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message.

Vulnerable Configurations

Part	Description	Count
Application	Tp-Link TP Link Tapo 2.8.14	1
OS	Tp-Link TP Link Tapo L530E Firmware 1.0.0	1
Hardware	Tp-Link TP Link Tapo L530E -	1

References

https://arxiv.org/abs/2308.09019
https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1
https://www.scitepress.org/Papers/2023/120929/120929.pdf
https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/