Description
An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes
sensitive geolocation information without requiring authentication. This issue
allows an attacker on the same local network to retrieve geolocation-related
data through crafted responses.
The
vulnerability impacts confidentiality only, with no evidence of integrity of
availability impact.
sensitive geolocation information without requiring authentication. This issue
allows an attacker on the same local network to retrieve geolocation-related
data through crafted responses.
The
vulnerability impacts confidentiality only, with no evidence of integrity of
availability impact.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Wed, 15 Jul 2026 01:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes sensitive geolocation information without requiring authentication. This issue allows an attacker on the same local network to retrieve geolocation-related data through crafted responses. The vulnerability impacts confidentiality only, with no evidence of integrity of availability impact. | |
| Title | Information Disclosure Vulnerability in Local Discovery Response in TP-Link Kasa EC70 and EC71 | |
| Weaknesses | CWE-200 | |
| References |
|
|
| Metrics |
cvssV4_0
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: TPLink
Published:
Updated: 2026-07-15T12:37:09.376Z
Reserved: 2026-06-24T17:50:08.263Z
Link: CVE-2026-13230
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses