TP-Link's Kasa Spot EC71 cameras exposed home GPS data via unauthenticated UDP for six years. A patch in firmware version 2.4.1 remedied significant security vulnerabilities that compromised user data.
A security analysis of the TP-Link Kasa Spot EC71 revealed critical vulnerabilities that compromised user confidentiality, integrity, and availability. The device faced issues like unauthenticated exposure of GPS data and insecure credential storage, leading to an urgent need for remediation.
The GPS vulnerability was publicly known since August 2020, while the underlying protocol issue was identified back in July 2016. Despite this, TP-Link only addressed these vulnerabilities last year, indicating a policy of incremental remediation rather than comprehensive overhauls.
The critical flaws were patched in firmware version 2.4.1, marking a significant step towards securing the Kasa EC71 line. However, the time frame of six years highlights potential systemic issues in TP-Link's vulnerability management processes. The vendor's CVSS score for these issues stands at 8.6, indicating the severity of the flaws.
There are potential recovery risks associated with factory-reset devices, where previous owners’ credentials and GPS coordinates could be obtained. This highlights the need for users to be vigilant even after firmware updates.
✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors — check the original sources. How BrevFeed works →
TP-Link's Kasa Spot EC71 cameras exposed home GPS data via unauthenticated UDP for six years. A patch in firmware version 2.4.1 remedied significant security vulnerabilities that compromised user data.