THE article discusses two vulnerabilities in TP-Link Kasa EC70 and EC71 cameras, specifically CVE-2026-9770 and CVE-2026-13230. CVE-2026-9770, rated 8.6 (High), is a hardcoded cryptographic key issue that can lead to credential interception. CVE-2026-13230, rated 5.3 (Medium), allows for geolocation data leakage without authentication. Both require local network access for exploitation, posing risks if unauthorized devices connect to the network.
TP-Link confirmed no active exploitation or public proof-of-concept for these vulnerabilities. Users are advised to update their devices to the latest firmware to mitigate risks.