CVE-2023-38909
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Aug 22, 2023
Updated: May 7, 2024
Summary
CVE-2023-38909 is a vulnerability affecting several TP-Link Smart Bulb models and the Tapo Application. The issue enables remote attackers to extract sensitive information due to a weakness in the AES128-CBC function's IV component. Specifically, these affected devices include Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, and P100 before 1.5.0, along with the Tapo Application version 2.8.14. An attacker can exploit this vulnerability to gain access to sensitive data, posing a significant security risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- TP-Link Tapo
Affected Vendors
- TP-LINK Technologies Co Ltd