CVE-2023-38907

7.5HIGH

Key Information

Vendor: Tp-link
Status: Tapo L530e Firmware
Vendor: CVE Published:; 25 September 2023

Summary

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Sep 25, 2023
Vulnerability Reserved.
Jul 25, 2023

Collectors

NVD DatabaseMitre Database