Description
An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes
sensitive geolocation information without requiring authentication. This issue
allows an attacker on the same local network to retrieve geolocation-related
data through crafted responses.
The
vulnerability impacts confidentiality only, with no evidence of integrity of
availability impact.
sensitive geolocation information without requiring authentication. This issue
allows an attacker on the same local network to retrieve geolocation-related
data through crafted responses.
The
vulnerability impacts confidentiality only, with no evidence of integrity of
availability impact.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Wed, 15 Jul 2026 01:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes sensitive geolocation information without requiring authentication. This issue allows an attacker on the same local network to retrieve geolocation-related data through crafted responses. The vulnerability impacts confidentiality only, with no evidence of integrity of availability impact. | |
| Title | Information Disclosure Vulnerability in Local Discovery Response in TP-Link Kasa EC70 and EC71 | |
| Weaknesses | CWE-200 | |
| References |
|
|
| Metrics |
cvssV4_0
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: TPLink
Published:
Updated: 2026-07-15T00:21:16.177Z
Reserved: 2026-06-24T17:50:08.263Z
Link: CVE-2026-13230
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor