Statement on Insecure Local Communication Vulnerabilities in Tapo and Kasa Devices and apps

Security Advisory
Updated 10-24-2024 09:26:54 AM 14822

TP-Link is aware of reports regarding CVE-2023-38906, CVE-2023-38908, and CVE-2023-38909. User security is our top priority, and to rectify the vulnerabilities, TP-Link has released the new firmware for the affected devices and new version of the Tapo/Kasa app.

Solution

Please update your Tapo/Kasa devices and app to the latest version to ensure optimal security.

How to upgrade the firmware for Tapo/Kasa devices:

https://www.tp-link.com/support/faq/2621/

https://www.tp-link.com/support/faq/1256/

How to upgrade the Tapo/Kasa app: Go to the App Store or Play Store, search for TP-Link Tapo or Kasa, and click Update.

Disclaimer

The vulnerabilities will remain if you do not take all the recommended actions. TP-Link cannot bear any responsibility for consequences that could have been avoided by following the recommendations in this statement.

Revision History

2023-08-23 Published Advisory

2023-09-12 Updated Solution

2024-09-10 Updated Solution

Is this faq useful?

Your feedback helps improve this site.

Community

TP-Link Community

Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.

Visit the Community >

From United States?

Get products, events and services for your region.