Information Disclosure in TP-Link Kasa Smart Cameras
CVE-2026-13230
5.3MEDIUM
Key Information:
- Vendor
Tp-link Systems Inc.
- Status
- Vendor
- CVE Published:
- 15 July 2026
What is CVE-2026-13230?
An information disclosure vulnerability has been identified in TP-Link's Kasa EC70 and EC71 smart cameras. This issue affects the local discovery mechanism, inadvertently exposing sensitive geolocation information to potential attackers on the same local network without requiring any form of authentication. By exploiting this flaw, malicious actors can retrieve geolocation-related data through specially crafted responses, posing risks to user privacy and security.
Affected Version(s)
Kasa EC70 v4 NVMP 0 < 2.4.1 Build 20260621 rel.76536
Kasa EC71 v4 NVMP 0 < 2.4.1 Build 20260621 rel.76536
