CVE-2023-38906
MEDIUMTPLink Smart Bulb/Tapo App <2.8.14 - Info Disclosure
Title source: llmDescription
An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message.
References (4)
Core 4
Core References
Various Sources
https://www.scitepress.org/Papers/2023/120929/120929.pdf
Third Party Advisory
https://arxiv.org/abs/2308.09019
Third Party Advisory
https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1
Scores
CVSS v3
6.5
EPSS
0.0010
EPSS Percentile
26.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (2)
tp-link/tapo
2.8.14
tp-link/tapo_l530e_firmware
1.0.0
Published
Aug 22, 2023
Tracked Since
Feb 18, 2026