CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10523 – Information Disclosure Vulnerability in TP-Link IoT Smart Hub
https://notcve.org/view.php?id=CVE-2024-10523
This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0331 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-31340
https://notcve.org/view.php?id=CVE-2024-31340
TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. Las versiones de TP-Link Tether anteriores a 4.5.13 y las versiones de TP-Link Tapo anteriores a 3.3.6 no validan correctamente los certificados, lo que puede permitir que un atacante remoto no autenticado escuche a escondidas una comunicación cifrada a través de un ataque de intermediario. • https://jvn.jp/en/jp/JVN29471697 https://play.google.com/store/apps/details?id=com.tplink.iot https://play.google.com/store/apps/details?id=com.tplink.tether •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1000009
https://notcve.org/view.php?id=CVE-2016-1000009
TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are physically printed on many of the devices. TP-LINK pierde control de dos dominios, www.tplinklogin.net y tplinkextender.net. Tenga en cuenta que estos dominios se imprimen físicamente en muchos de los dispositivos. • http://seclists.org/bugtraq/2016/Jul/3 https://pbs.twimg.com/media/CmnQ3F0WIAAs_X0.jpg https://pbs.twimg.com/media/CmnQGI0WAAIbPHA.jpg • CWE-254: 7PK - Security Features •