Vulnerabilities > CVE-2023-38909 - Unspecified vulnerability in Tp-Link Tapo and Tapo L530E Firmware

CVSS 6.5 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

low complexity

tp-link

NVD

Published: 2023-08-22

Updated: 2024-05-07

Summary

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function.

Vulnerable Configurations

Part	Description	Count
Application	Tp-Link TP Link Tapo 2.8.14	1
OS	Tp-Link TP Link Tapo L530E Firmware 1.0.0	1
Hardware	Tp-Link TP Link Tapo L530E -	1

References

https://arxiv.org/pdf/2308.09019.pdf
https://arxiv.org/abs/2308.09019
https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1
https://www.scitepress.org/Papers/2023/120929/120929.pdf
https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/