CVE-2023-38908
Last modified
CVE-2023-38908 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function.. EPSS estimates a 0.52% chance of exploitation in the next 30 days.
Description
An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function.
Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Tapo | 2.8.14 |
| Tp-Link | Tapo L530e Firmware | 1.0.0 |
References
- https://arxiv.org/abs/2308.09019Third Party Advisory
- https://arxiv.org/pdf/2308.09019.pdfTechnical Description, Third Party Advisory
- https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1Third Party Advisory
- https://arxiv.org/abs/2308.09019Third Party Advisory
- https://arxiv.org/pdf/2308.09019.pdfTechnical Description, Third Party Advisory
- https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-38908?
How severe is CVE-2023-38908?
How do I fix CVE-2023-38908?
Are you affected by CVE-2023-38908?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST