Information Disclosure in TP-Link Kasa Smart Cameras
CVE-2026-13230

5.3MEDIUM

What is CVE-2026-13230?

An information disclosure vulnerability has been identified in TP-Link's Kasa EC70 and EC71 smart cameras. This issue affects the local discovery mechanism, inadvertently exposing sensitive geolocation information to potential attackers on the same local network without requiring any form of authentication. By exploiting this flaw, malicious actors can retrieve geolocation-related data through specially crafted responses, posing risks to user privacy and security.

Affected Version(s)

Kasa EC70 v4 NVMP 0 < 2.4.1 Build 20260621 rel.76536

Kasa EC71 v4 NVMP 0 < 2.4.1 Build 20260621 rel.76536

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Christopher Childress
.