CVE-2026-13230
Gravedad CVSS v4.0:
MEDIA
Tipo:
CWE-200
Revelación de información
Fecha de publicación:
15/07/2026
Última modificación:
15/07/2026
Descripción
*** Pendiente de traducción *** An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes<br />
sensitive geolocation information without requiring authentication. This issue<br />
allows an attacker on the same local network to retrieve geolocation-related<br />
data through crafted responses.<br />
<br />
The<br />
vulnerability impacts confidentiality only, with no evidence of integrity of<br />
availability impact.
Impacto
Puntuación base 4.0
5.30
Gravedad 4.0
MEDIA
Referencias a soluciones, herramientas e información
- https://www.tp-link.com/en/support/download/ec70/v4/#Firmware-Release-Notes
- https://www.tp-link.com/en/support/download/ec71/#Firmware-Release-Notes
- https://www.tp-link.com/us/support/download/ec70/v4/#Firmware-Release-Notes
- https://www.tp-link.com/us/support/download/ec71/#Firmware-Release-Notes
- https://www.tp-link.com/us/support/faq/5192/



