Vulnerabilities > CVE-2023-38907 - Unspecified vulnerability in Tp-Link Tapo and Tapo L530E Firmware

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

tp-link

NVD

Published: 2023-09-25

Updated: 2024-05-07

Summary

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key.

Vulnerable Configurations

Part	Description	Count
OS	Tp-Link TP Link Tapo L530E Firmware 1.0.0	1
Hardware	Tp-Link TP Link Tapo L530E -	1
Application	Tp-Link TP Link Tapo 2.8.14	1

References

https://arxiv.org/abs/2308.09019
https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1
https://www.scitepress.org/Papers/2023/120929/120929.pdf
https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/