An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 30 Sep 2024 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Tplink
Tplink kasa Kp125m
Weaknesses CWE-269
CPEs cpe:2.3:a:tplink:kasa_kp125m:*:*:*:*:*:*:*:*
Vendors & Products Tplink
Tplink kasa Kp125m
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 30 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
Description An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-09-30T20:51:18.694Z

Reserved: 2024-09-11T00:00:00

Link: CVE-2024-46549

cve-icon Vulnrichment

Updated: 2024-09-30T20:48:34.026Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-30T17:15:04.683

Modified: 2024-10-04T13:51:25.567

Link: CVE-2024-46549

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.