CVE-2023-38908

Name of the Vulnerable Software and Affected Versions TP-Link Smart Bulb Tapo series L530 versions prior to 1.2.4 TP-Link Smart Bulb Tapo series L510E versions prior to 1.1.0 TP-Link Smart Bulb Tapo series L630 versions prior to 1.0.4 TP-Link Smart Bulb Tapo series P100 versions prior to 1.5.0 Tapo Application versions prior to 2.8.14

Description The issue allows a remote attacker to obtain sensitive information via the TSKEP authentication function. This is related to a lack of protection for service data in the TP-Link Tapo L530 Wi-Fi bulb's firmware.

Recommendations For TP-Link Smart Bulb Tapo series L530 versions prior to 1.2.4, update to version 1.2.4 or later. For TP-Link Smart Bulb Tapo series L510E versions prior to 1.1.0, update to version 1.1.0 or later. For TP-Link Smart Bulb Tapo series L630 versions prior to 1.0.4, update to version 1.0.4 or later. For TP-Link Smart Bulb Tapo series P100 versions prior to 1.5.0, update to version 1.5.0 or later. For Tapo Application versions prior to 2.8.14, update to version 2.8.14 or later.