VEXID-7902418
Published 2026-07-15 01:16:14
Last Modified 2026-07-15 01:16:14
AKA CVE-2026-13230
Summary An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes sensitive geolocation information without requiring authentication. This issue allows an attacker on the same local network to retrieve geolocation-related data through crafted responses. The vulnerability impacts confidentiality only, with no evidence of integrity of availability impact.
CVSS
Access Vector Local Adjacent Network
Access Complexity Low Medium High
Authentication None Single Multiple
Confidentiality None Partial Complete
Integrity None Partial Complete
Availability None Partial Complete