CVE-2024-31340

Summary

TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.

Affected Software

VendorProductVersion RangeStatus
TP-LinkTP-Link Tetherprior to 4.5.13affected
TP-LinkTP-Link Tapoprior to 3.3.6affected

Weaknesses

  • Improper certificate validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References