Static Cryptographic Key Vulnerability in Kasa Smart Devices
CVE-2026-9770

8.6HIGH

What is CVE-2026-9770?

The firmware for Kasa EC71 v4 and EC70 v4 contains a static cryptographic private key stored within a read-only file system. This key is shared across multiple devices, and if an attacker gains access to the firmware image, they can extract the embedded key. This situation poses a significant risk, as it may allow an unauthorized attacker within the same network to exploit the web management service using the extracted key, leading to potential passive decryption of sensitive traffic or active man-in-the-middle (MITM) attacks, severely compromising the confidentiality of user communications.

Affected Version(s)

Kasa EC70 v4 0 < 2.4.0 Build 20260520 rel.4191

Kasa EC71 v4 0 < 2.4.0 Build 20260520 rel.4191

References

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Christopher Childress
.