CVE-2026-13230
Information Disclosure Vulnerability in Local Discovery Response in TP-Link Kasa EC70 and EC71
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes sensitive geolocation information without requiring authentication. This issue allows an attacker on the same local network to retrieve geolocation-related data through crafted responses. The vulnerability impacts confidentiality only, with no evidence of integrity of availability impact.
| CWE | CWE-200 |
| Vendor | tp-link systems inc. |
| Product | kasa ec71 v4 |
| Published | Jul 15, 2026 |
| Last Updated | Jul 15, 2026 |
Stay Ahead of the Next One
Get instant alerts for tp-link systems inc. kasa ec71 v4
Be the first to know when new unknown vulnerabilities affecting tp-link systems inc. kasa ec71 v4 are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
TP-Link Systems Inc. / Kasa EC71 v4
0 < 2.4.1 Build 20260621 rel.76536
TP-Link Systems Inc. / Kasa EC70 v4
0 < 2.4.1 Build 20260621 rel.76536
References
tp-link.com: https://www.tp-link.com/us/support/download/ec71/#Firmware-Release-Notes tp-link.com: https://www.tp-link.com/en/support/download/ec71/#Firmware-Release-Notes tp-link.com: https://www.tp-link.com/us/support/download/ec70/v4/#Firmware-Release-Notes tp-link.com: https://www.tp-link.com/en/support/download/ec70/v4/#Firmware-Release-Notes tp-link.com: https://www.tp-link.com/us/support/faq/5192/
Credits
Christopher Childress