TP-Link Tether vulnerability allows remote unauthenticated attacker to eavesdrop on encrypted communication
CVE-2024-31340

4.8MEDIUM

Key Information:

Vendor: Tp-link
Status: Tp-link Tether; Tp-link Tapo
Vendor: CVE Published:; 22 May 2024

Summary

TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.

Affected Version(s)

TP-Link Tapo prior to 3.3.6

TP-Link Tether prior to 4.5.13

References

https://play.google.com/store/apps/details?id=com.tplink....

https://play.google.com/store/apps/details?id=com.tplink.iot

https://jvn.jp/en/jp/JVN29471697/

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 22, 2024
Vulnerability Reserved
Apr 1, 2024