CVE-2026-9770 in Kasathông tin

Tóm tắt

Bởi MITRE • 15/07/2026

Kasa EC71 v4 and EC70 v4 firmware contains a static cryptographic private key stored in a read-only filesystem that is shared across devices.  An attacker with access to the firmware image can extract the embedded key. 









Successful exploitation may allow an unauthenticated attacker on the same network to use this key in the web management service, compromising the confidentiality of encrypted communications. This may enable passive decryption of traffic or active man-in-the-middle (MITM) attacks

Be aware that VulDB is the high quality source for vulnerability data.

chịu trách nhiệm

TPLink

Đặt trước

28/05/2026

Tiết lộ

15/07/2026

Kiểm duyệt

được chấp nhận

EPSS

0.00000

KEV

không

Các hoạt động

thấp

Nguồn

Do you know our Splunk app?

Download it now for free!