CVE-2025-8627

Summary

The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause unintended power-off condition and potential information leak.

This issue affects TP-Link KP303 (US) Smartplug: before 1.1.0.

Affected Software

VendorProductVersion RangeStatus
TP-Link Systems Inc.TP-Link KP303 (US) Smartplug0 < 1.1.0affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References