CVE-2023-38907

Name of the Vulnerable Software and Affected Versions TPLink Smart Bulb Tapo series L530 versions 1.0.0 through 1.2.3 TPLink Smart Bulb Tapo series L510E versions 1.0.0 through 1.0.9 TPLink Smart Bulb Tapo series L630 versions 1.0.0 through 1.0.3 TPLink Smart Bulb Tapo series P100 versions 1.0.0 through 1.4.9 Tapo Application versions 2.8.14 and earlier

Description An issue in TPLink Smart Bulb Tapo series allows a remote attacker to replay old messages encrypted with a still valid session key, potentially obtaining sensitive information via the session key in the message function.

Recommendations For TPLink Smart Bulb Tapo series L530 versions 1.0.0 through 1.2.3, update to version 1.2.4 or later. For TPLink Smart Bulb Tapo series L510E versions 1.0.0 through 1.0.9, update to version 1.1.0 or later. For TPLink Smart Bulb Tapo series L630 versions 1.0.0 through 1.0.3, update to version 1.0.4 or later. For TPLink Smart Bulb Tapo series P100 versions 1.0.0 through 1.4.9, update to version 1.5.0 or later. For Tapo Application versions 2.8.14 and earlier, update to a version later than 2.8.14.