An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes
sensitive geolocation information without requiring authentication. This issue
allows an attacker on the same local network to retrieve geolocation-related
data through crafted responses.
The
vulnerability impacts confidentiality only, with no evidence of integrity of
availability impact.
sensitive geolocation information without requiring authentication. This issue
allows an attacker on the same local network to retrieve geolocation-related
data through crafted responses.
The
vulnerability impacts confidentiality only, with no evidence of integrity of
availability impact.
Project Subscriptions
No data.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 15 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 15 Jul 2026 01:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes sensitive geolocation information without requiring authentication. This issue allows an attacker on the same local network to retrieve geolocation-related data through crafted responses. The vulnerability impacts confidentiality only, with no evidence of integrity of availability impact. | |
| Title | Information Disclosure Vulnerability in Local Discovery Response in TP-Link Kasa EC70 and EC71 | |
| Weaknesses | CWE-200 | |
| References |
|
|
| Metrics |
cvssV4_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: TPLink
Published:
Updated: 2026-07-15T12:37:09.376Z
Reserved: 2026-06-24T17:50:08.263Z
Link: CVE-2026-13230
Updated: 2026-07-15T12:37:04.068Z
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses