Agatah2333

**Name of the Vulnerable Software and Affected Versions** TP-Link Tapo P125M and Kasa KP125M version 1.0.3 **Description** The issue allows attackers to eavesdrop on communications and access sensitive information via a man-in-the-middle attack due to improper validation of certificates. **Recommendations** For TP-Link Tapo P125M and Kasa KP125M version 1.0.3, update the firmware to a version that properly validates certificates to prevent man-in-the-middle attacks.

**Name of the Vulnerable Software and Affected Versions** TP-Link Kasa KP125M version 1.0.3 **Description** An issue in the TP-Link MQTT Broker and API gateway allows attackers to establish connections by impersonating devices owned by other users. This impersonation can lead to unauthorized access. **Recommendations** For TP-Link Kasa KP125M version 1.0.3, consider restricting access to the MQTT Broker and API gateway until a patch is available. As a temporary workaround, disabling the device impersonation feature can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** TP-Link Kasa KP125M version 1.0.0 Tapo P125M version 1.0.0 Build 220930 Rel.143947 **Description** An Information Disclosure issue in the Telemetry component allows attackers to observe device state via observing network traffic. **Recommendations** For TP-Link Kasa KP125M version 1.0.0, consider restricting network access to minimize the risk of exploitation. For Tapo P125M version 1.0.0 Build 220930 Rel.143947, consider restricting network access to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.