Unrated severityNVD Advisory· Published Aug 22, 2023· Updated Aug 2, 2024

CVE-2023-38909

Description

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

TPLink/Smart Bulb Tapo seriesdescription
TP-Link/Smart Bulb Tapo seriesllm-create
Range: L530 <1.2.4, L510E <1.1.0, L630 <1.0.4, P100 <1.5.0
TP-Link/Tapo Applicationllm-fuzzy
Range: <2.8.14

Patches

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

arxiv.org/abs/2308.09019mitre
arxiv.org/pdf/2308.09019.pdfmitre
www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/mitre
www.scitepress.org/Papers/2023/120929/120929.pdfmitre
www.scitepress.org/PublicationsDetail.aspxmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000