Impersonation of Devices Allows Attacks in TP-Link MQTT Broker and API Gateway
CVE-2024-46549

Currently unrated

Key Information:

Vendor: TP-Link
Vendor: CVE Published:; 30 September 2024

Summary

An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users.

References

https://github.com/Chapoly1305/tp-link-cve/blob/main/CVE-...

Timeline

Vulnerability published
Sep 30, 2024