CVE-2026-13230
Severity CVSS v4.0:
MEDIUM
Type:
CWE-200
Information Leak / Disclosure
Publication date:
15/07/2026
Last modified:
15/07/2026
Description
An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes<br />
sensitive geolocation information without requiring authentication. This issue<br />
allows an attacker on the same local network to retrieve geolocation-related<br />
data through crafted responses.<br />
<br />
The<br />
vulnerability impacts confidentiality only, with no evidence of integrity of<br />
availability impact.
Impact
Base Score 4.0
5.30
Severity 4.0
MEDIUM
References to Advisories, Solutions, and Tools
- https://www.tp-link.com/en/support/download/ec70/v4/#Firmware-Release-Notes
- https://www.tp-link.com/en/support/download/ec71/#Firmware-Release-Notes
- https://www.tp-link.com/us/support/download/ec70/v4/#Firmware-Release-Notes
- https://www.tp-link.com/us/support/download/ec71/#Firmware-Release-Notes
- https://www.tp-link.com/us/support/faq/5192/



