Description
An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function.
References (5)
Core 5
Core References
Various Sources
https://www.scitepress.org/Papers/2023/120929/120929.pdf
Third Party Advisory
https://arxiv.org/abs/2308.09019
Exploit, Technical Description, Third Party Advisory
https://arxiv.org/pdf/2308.09019.pdf
Third Party Advisory
https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1
Scores
CVSS v3
6.5
EPSS
0.0009
EPSS Percentile
25.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (2)
tp-link/tapo
2.8.14
tp-link/tapo_l530e_firmware
1.0.0
Published
Aug 22, 2023
Tracked Since
Feb 18, 2026