CVE-2026-9770
Gravedad CVSS v4.0:
ALTA
Tipo:
CWE-321
Uso de claves de cifrado embebidas en el software
Fecha de publicación:
15/07/2026
Última modificación:
15/07/2026
Descripción
*** Pendiente de traducción *** Kasa EC71 v4 and EC70 v4 firmware contains a static cryptographic private key stored in a read-only filesystem<br />
that is shared across devices. An<br />
attacker with access to the firmware image can extract the embedded key. <br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
Successful<br />
exploitation may allow an unauthenticated attacker on the same network to use<br />
this key in the web management service, compromising the confidentiality of<br />
encrypted communications. This may enable passive decryption of traffic or<br />
active man-in-the-middle (MITM) attacks
Impacto
Puntuación base 4.0
8.60
Gravedad 4.0
ALTA
Referencias a soluciones, herramientas e información
- https://www.tp-link.com/en/support/download/ec70/v4/#Firmware-Release-Notes
- https://www.tp-link.com/en/support/download/ec71/v4/#Firmware-Release-Notes
- https://www.tp-link.com/us/support/download/ec70/v4/#Firmware-Release-Notes
- https://www.tp-link.com/us/support/download/ec71/v4/#Firmware-Release-Notes
- https://www.tp-link.com/us/support/faq/5192/



