An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users.

Metrics

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00045.

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Tplink
  • Kasa Kp125m

No data.

No data.

No data.

References
Link Providers
https://github.com/Chapoly1305/tp-link-cve/blob/main/CVE-2024-46549.md cve-icon cve-icon
History

Mon, 30 Sep 2024 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Tplink
Tplink kasa Kp125m
Weaknesses CWE-269
CPEs cpe:2.3:a:tplink:kasa_kp125m:*:*:*:*:*:*:*:*
Vendors & Products Tplink
Tplink kasa Kp125m
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 30 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
Description An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users.
References
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-09-30T20:51:18.694Z

Reserved: 2024-09-11T00:00:00

Link: CVE-2024-46549

cve-icon Vulnrichment

Updated: 2024-09-30T20:48:34.026Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-30T17:15:04.683

Modified: 2024-10-04T13:51:25.567

Link: CVE-2024-46549

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.