securityonline.info 7/17/2026, 4:46:27 AM · external

TP‑Link Kasa cameras hit by hardcoded key and location leak flaws

TP‑Link Kasa cameras hit by hardcoded key and location leak flaws
CyberSIXT Evidence Panel
Primary Source tp-link.com
CISA KEV Not in KEV
Patch Patch Available

THE article discusses two vulnerabilities in TP-Link Kasa EC70 and EC71 cameras, specifically CVE-2026-9770 and CVE-2026-13230. CVE-2026-9770, rated 8.6 (High), is a hardcoded cryptographic key issue that can lead to credential interception. CVE-2026-13230, rated 5.3 (Medium), allows for geolocation data leakage without authentication. Both require local network access for exploitation, posing risks if unauthorized devices connect to the network.

TP-Link confirmed no active exploitation or public proof-of-concept for these vulnerabilities. Users are advised to update their devices to the latest firmware to mitigate risks.

View Primary Source Via securityonline.info

Article by CyberSIXT