Tp Link · Kasa Ec71 V4 · CVE-2026-9770
**Name of the Vulnerable Software and Affected Versions**
Kasa EC71 v4 (affected versions not specified)
Kasa EC70 v4 (affected versions not specified)
**Description**
The firmware contains a static cryptographic private key stored in a read-only filesystem that is shared across all devices. An attacker with access to the firmware image can extract this embedded key. This allows an unauthenticated attacker on the same network to use the key within the web management service, compromising the confidentiality of encrypted communications. This can lead to passive decryption of traffic or active man-in-the-middle (MITM) attacks, where an attacker intercepts and potentially alters communication between two parties.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.