Critical TP-Link Tapo Camera Vulnerability Lets Attackers Hijack Devices
Key Takeaways TP-Link has issued urgent security updates for two vulnerabilities affecting its Kasa EC70 v4 and EC71 v4 smart cameras. The most severe flaw, CVE-2026-9770, carries a CVSS score of 8.6...
Key Takeaways
- TP-Link has issued urgent security updates for two vulnerabilities affecting its Kasa EC70 v4 and EC71 v4 smart cameras.
- The most severe flaw, CVE-2026-9770, carries a CVSS score of 8.6 (High) and could allow local network attackers to steal a hardcoded cryptographic key.
- Successful exploitation of CVE-2026-9770 enables man-in-the-middle attacks, potentially leading to the interception of administrative credentials and camera communications.
- A second vulnerability, CVE-2026-13230, exposes sensitive geolocation data via the camera’s local discovery service.
- Users must update their camera firmware to versions 2.4.0 Build 20260520 or 2.4.1 Build 20260621 immediately.
Critical Flaws Expose TP-Link Kasa Cameras to Local Network Hijack
TP-Link has released crucial security updates to address two significant vulnerabilities discovered in its Kasa EC70 v4 and EC71 v4 smart camera models. These flaws, identified as CVE-2026-9770 and CVE-2026-13230, could enable threat actors operating within the same local network to compromise device confidentiality and extract sensitive data.
Table Of Content
High-Severity Cryptographic Key Disclosure (CVE-2026-9770)
The more critical of the two issues, CVE-2026-9770, is categorized as a hardware cryptographic key information disclosure vulnerability, earning a high CVSS score of 8.6. According to TP-Link, this vulnerability stems from a hardcoded cryptographic key that is embedded directly within the camera’s system image.
An attacker who has gained access to the local network could leverage this exposed key to undermine the confidentiality of communications between the camera and its web-based management interface. This exploitation pathway creates a significant risk for man-in-the-middle (MitM) attacks, allowing an adversary to intercept network traffic and potentially steal administrative credentials for the device.
A man-in-the-middle attack occurs when a malicious actor secretly positions themselves between two communicating parties, intercepting and potentially altering their exchanges. For instance, an attacker on an unsecure shared Wi-Fi network, a compromised home router, or an inadequately segmented corporate network could covertly monitor or manipulate data flows involving a vulnerable Kasa camera.
Medium-Severity Geolocation Data Exposure (CVE-2026-13230)
The second vulnerability, CVE-2026-13230, affects the cameras’ local discovery response mechanism and has been assigned a CVSS score of 5.3, classifying it as a medium-severity issue. TP-Link explains that this discovery service can unauthentically expose sensitive geolocation information.
An attacker present on the local network could send specially crafted discovery requests or responses to retrieve location-related data from an unpatched camera. TP-Link has confirmed that this flaw primarily impacts confidentiality and does not pose a direct threat to the integrity or availability of the device.
Both vulnerabilities specifically target the Kasa EC70 v4 and EC71 v4 camera models. TP-Link has provided remediations in firmware version 2.4.0 Build 20260520 and version 2.4.1 Build 20260621.
What You Should Do
- Immediately update your TP-Link Kasa EC70 v4 and EC71 v4 camera firmware to version 2.4.0 Build 20260520 or 2.4.1 Build 20260621. You can update their camera firmware through TP-Link’s official support portal or via the Kasa mobile application.
- Ensure your Kasa mobile app is also updated to its latest available version.
- Until updates are applied, enhance your network security by placing smart cameras on a dedicated IoT network segment.
- Utilize strong Wi-Fi encryption protocols and restrict unnecessary access to your local network.
- Verify that your home or office router is running the most current firmware to mitigate other potential network-level vulnerabilities.
- Implement network segmentation where possible to limit an attacker’s ability to reach camera management interfaces, even if another device on the network is compromised.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.