๐Ÿ” CVE Alert

CVE-2026-9770

UNKNOWN 0.0

Hardcoded Cryptographic Key Information Disclosure Vulnerability on TP-Link Kasa EC70 and EC71

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Kasa EC71 v4 and EC70 v4 firmware contains a static cryptographic private key stored in a read-only filesystem that is shared across devices.ย  An attacker with access to the firmware image can extract the embedded key.ย  Successful exploitation may allow an unauthenticated attacker on the same network to use this key in the web management service, compromising the confidentiality of encrypted communications. This may enable passive decryption of traffic or active man-in-the-middle (MITM) attacks

CWE CWE-321
Vendor tp-link systems inc.
Product kasa ec71 v4
Published Jul 15, 2026
Last Updated Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for tp-link systems inc. kasa ec71 v4

Be the first to know when new unknown vulnerabilities affecting tp-link systems inc. kasa ec71 v4 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

TP-Link Systems Inc. / Kasa EC71 v4
0 < 2.4.0 Build 20260520 rel.4191
TP-Link Systems Inc. / Kasa EC70 v4
0 < 2.4.0 Build 20260520 rel.4191

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
tp-link.com: https://www.tp-link.com/en/support/download/ec71/v4/#Firmware-Release-Notes tp-link.com: https://www.tp-link.com/us/support/download/ec71/v4/#Firmware-Release-Notes tp-link.com: https://www.tp-link.com/us/support/download/ec70/v4/#Firmware-Release-Notes tp-link.com: https://www.tp-link.com/en/support/download/ec70/v4/#Firmware-Release-Notes tp-link.com: https://www.tp-link.com/us/support/faq/5192/

Credits

Christopher Childress