🔐 CVE Alert

CVE-2026-13230

UNKNOWN 0.0

Information Disclosure Vulnerability in Local Discovery Response in TP-Link Kasa EC70 and EC71

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes sensitive geolocation information without requiring authentication. This issue allows an attacker on the same local network to retrieve geolocation-related data through crafted responses. The vulnerability impacts confidentiality only, with no evidence of integrity of availability impact.

CWE CWE-200
Vendor tp-link systems inc.
Product kasa ec71 v4
Published Jul 15, 2026
Last Updated Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for tp-link systems inc. kasa ec71 v4

Be the first to know when new unknown vulnerabilities affecting tp-link systems inc. kasa ec71 v4 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

TP-Link Systems Inc. / Kasa EC71 v4
0 < 2.4.1 Build 20260621 rel.76536
TP-Link Systems Inc. / Kasa EC70 v4
0 < 2.4.1 Build 20260621 rel.76536

References

NVD ↗ CVE.org ↗ EPSS Data ↗
tp-link.com: https://www.tp-link.com/us/support/download/ec71/#Firmware-Release-Notes tp-link.com: https://www.tp-link.com/en/support/download/ec71/#Firmware-Release-Notes tp-link.com: https://www.tp-link.com/us/support/download/ec70/v4/#Firmware-Release-Notes tp-link.com: https://www.tp-link.com/en/support/download/ec70/v4/#Firmware-Release-Notes tp-link.com: https://www.tp-link.com/us/support/faq/5192/

Credits

Christopher Childress