CVE-2024-31340
MEDIUMTP-Link Tether <4.5.13 & Tapo <3.3.6 - Info Disclosure
Title source: llmDescription
TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.
References (3)
Core 3
Core References
Various Sources
https://play.google.com/store/apps/details?id=com.tplink.iot
Various Sources
https://play.google.com/store/apps/details?id=com.tplink.tether
Third Party Advisory
https://jvn.jp/en/jp/JVN29471697/
Scores
CVSS v3
4.8
EPSS
0.0038
EPSS Percentile
59.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-295
Status
published
Products (2)
TP-Link/TP-Link Tapo
prior to 3.3.6
TP-Link/TP-Link Tether
prior to 4.5.13
Published
May 22, 2024
Tracked Since
Feb 18, 2026