TP-Link Tether vulnerability allows remote unauthenticated attacker to eavesdrop on encrypted communication

CVE-2024-31340

Currently unrated 🤨

Key Information

Vendor: Tp-link
Status: Tp-link Tether; Tp-link Tapo
Vendor: CVE Published:; 22 May 2024

Summary

TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.

Affected Version(s)

TP-Link Tether = prior to 4.5.13

TP-Link Tapo = prior to 3.3.6

Timeline

Vulnerability published.
May 22, 2024
Vulnerability Reserved.
Apr 1, 2024

Collectors

NVD DatabaseMitre Database