An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes
sensitive geolocation information without requiring authentication. This issue
allows an attacker on the same local network to retrieve geolocation-related
data through crafted responses.
The
vulnerability impacts confidentiality only, with no evidence of integrity of
availability impact.
Metrics
Affected Vendors & Products
References
History
Wed, 15 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 15 Jul 2026 01:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes sensitive geolocation information without requiring authentication. This issue allows an attacker on the same local network to retrieve geolocation-related data through crafted responses. The vulnerability impacts confidentiality only, with no evidence of integrity of availability impact. | |
| Title | Information Disclosure Vulnerability in Local Discovery Response in TP-Link Kasa EC70 and EC71 | |
| Weaknesses | CWE-200 | |
| References |
|
|
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: TPLink
Published:
Updated: 2026-07-15T12:37:09.376Z
Reserved: 2026-06-24T17:50:08.263Z
Link: CVE-2026-13230
Updated: 2026-07-15T12:37:04.068Z
No data.
No data.
OpenCVE Enrichment
No data.