Unauthenticated Command Execution Vulnerability in TP-Link Smartplug
CVE-2025-8627

8.7HIGH

Key Information:

Vendor: Tp-link Systems Inc.
Status: Tp-link Kp303 (us) Smartplug
Vendor: CVE Published:; 25 August 2025

🔔 Create Tp-link Systems Inc. Vulnerability Alert

What is CVE-2025-8627?

The TP-Link KP303 Smartplug is susceptible to an issue where unauthenticated protocol commands can be sent to the device. This vulnerability may lead to unintended power-off conditions and potential information exposure, impacting user control and device integrity.

Affected Version(s)

TP-Link KP303 (US) Smartplug 0 < 1.1.0

References

https://www.tp-link.com/us/support/faq/4619/

vendor-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 25, 2025
Vulnerability Reserved
Aug 6, 2025

Credit

Elysee Franchuk of MOBIA Technology Innovations