PT-2024-4193 · TP-Link · TP-Link Tether, TP-Link Tapo
Kenichiro Ito · Published 2024-05-21 · Updated 2024-07-03
CVE-2024-31340
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
TP-Link Tether versions prior to 4.5.13
TP-Link Tapo versions prior to 3.3.6
Description
The vulnerability stems from errors in the certificate authentication procedure (improper certificate validation), which may allow a remote attacker to perform a man-in-the-middle (MITM) attack. This could enable the attacker to eavesdrop on encrypted communication.
Recommendations
For TP-Link Tether versions prior to 4.5.13, update to version 4.5.13 or later to resolve the issue.
For TP-Link Tapo versions prior to 3.3.6, update to version 3.3.6 or later to resolve the issue.
As a temporary workaround, consider restricting access to sensitive data and encrypted communications until the update is applied.
Weakness Enumeration
Improper Certificate Validation
Related Identifiers
Affected Products
TP-Link Tapo
TP-Link Tether