TP-Link Cameras Vulnerable to Man-in-the-Middle Attacks and Data Leakage
TP-Link has released firmware updates to address two vulnerabilities in its Kasa smart cameras, one enabling Man-in-the-Middle attacks and another leaking geolocation data.

TP-Link has issued critical security updates for its Kasa EC70 v4 and EC71 v4 smart camera models, patching two vulnerabilities that could expose users to significant risks. The flaws, identified as CVE-2026-9770 and CVE-2026-13230, were discovered to allow local network attackers to compromise device security and exfiltrate sensitive information.
The most severe of the two, CVE-2026-9770, is a hardware cryptographic key disclosure vulnerability with a high CVSS score of 8.6. This flaw stems from a hardcoded cryptographic key embedded directly within the camera's system image. An attacker present on the same local network could leverage this exposed key to intercept and potentially manipulate communications between the camera and its web management interface. This opens the door for sophisticated Man-in-the-Middle (MitM) attacks, where an attacker could eavesdrop on traffic or steal administrative credentials, effectively taking control of the camera's operations.
Man-in-the-Middle attacks are particularly insidious as they involve an attacker secretly positioning themselves between a user or device and a service. In the context of these TP-Link cameras, an attacker sharing a Wi-Fi network, or one who has compromised a network router, could intercept data streams. This could lead to unauthorized surveillance or the compromise of sensitive video feeds, especially if the camera is used for home security.
The second vulnerability, CVE-2026-13230, affects the cameras' local discovery response mechanism and carries a medium CVSS score of 5.3. This issue allows an attacker on the local network to obtain geolocation-related information without any authentication. While TP-Link states this vulnerability impacts confidentiality only, the leakage of location data can still pose a privacy risk, potentially revealing the physical whereabouts of the camera and its users.
Both vulnerabilities affect the Kasa EC70 v4 and EC71 v4 camera models. TP-Link has made patches available through firmware version 2.4.0 Build 20260520 for the EC70 and version 2.4.1 Build 20260621 for the EC71. Users are strongly advised to update their camera firmware immediately via the official TP-Link support portal or the Kasa mobile application, ensuring the app itself is also up-to-date.
Until firmware updates can be applied, TP-Link recommends several mitigation strategies. These include segmenting smart cameras onto a separate IoT network, employing robust Wi-Fi encryption, restricting access to the local network, and ensuring that home routers are running the latest firmware. Network segmentation is a key defense, as it can limit an attacker's lateral movement within the network should another device be compromised.
TP-Link has emphasized the importance of prompt patching, warning that devices left unpatched remain susceptible to exploitation. The disclosure of these vulnerabilities highlights the ongoing security challenges associated with the proliferation of Internet of Things (IoT) devices, particularly those used for surveillance and home automation, which often become targets for attackers seeking to expand their network access or steal personal information.