Vulnerabilities > CVE-2023-38909 - Unspecified vulnerability in Tp-Link Tapo and Tapo L530E Firmware
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE low complexity
tp-link
Summary
An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
OS | 1 | |
Hardware | 1 |
References
- https://arxiv.org/abs/2308.09019
- https://arxiv.org/abs/2308.09019
- https://arxiv.org/pdf/2308.09019.pdf
- https://arxiv.org/pdf/2308.09019.pdf
- https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/
- https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/
- https://www.scitepress.org/Papers/2023/120929/120929.pdf
- https://www.scitepress.org/Papers/2023/120929/120929.pdf
- https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1
- https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1