PT-2023-4544 · Tp Link · Tapo Application +5

Davide Bonaventura +2 · Published 2023-08-21 · Updated 2024-05-07 · CVE-2023-38906

CVSS v3.1: 6.5 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

TPLink Smart Bulb Tapo series L530 versions 1.0.0 through 1.1.9
TPLink Smart Bulb Tapo series L510E version 1.0.8
TPLink Smart Bulb Tapo series L630 version 1.0.3
TPLink Smart Bulb Tapo series P100 version 1.4.9
TPLink Smart Camera Tapo series C200 version 1.1.18
Tapo Application version 2.8.14

Description

The issue is related to the lack of protection for service data in the Wi-Fi lamp TP-Link Tapo L530. A remote attacker can exploit this to obtain sensitive information via the authentication code for the UDP message.

Recommendations

For TPLink Smart Bulb Tapo series L530 versions 1.0.0 through 1.1.9, update to a version that contains a fix for this issue.
For TPLink Smart Bulb Tapo series L510E version 1.0.8, update to a version that contains a fix for this issue.
For TPLink Smart Bulb Tapo series L630 version 1.0.3, update to a version that contains a fix for this issue.
For TPLink Smart Bulb Tapo series P100 version 1.4.9, update to a version that contains a fix for this issue.
For TPLink Smart Camera Tapo series C200 version 1.1.18, update to a version that contains a fix for this issue.
For Tapo Application version 2.8.14, update to a version that contains a fix for this issue.

As a temporary workaround, consider restricting access to the authentication code for the UDP message until a patch is available.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2023-04949
CVE-2023-38906

Affected Products

Tapo Application
Tapo C200
Tapo L510E
Tapo L530
Tapo L630
Tapo P100