CVE-2026-9770 PUBLISHED

Hardcoded Cryptographic Key Information Disclosure Vulnerability on TP-Link Kasa EC70 and EC71

Assigner: TPLink
Reserved: 27.05.2026 Published: 15.07.2026 Updated: 15.07.2026

Kasa EC71 v4 and EC70 v4 firmware contains a static cryptographic private key stored in a read-only filesystem that is shared across devices.  An attacker with access to the firmware image can extract the embedded key. 

Successful exploitation may allow an unauthenticated attacker on the same network to use this key in the web management service, compromising the confidentiality of encrypted communications. This may enable passive decryption of traffic or active man-in-the-middle (MITM) attacks

Metrics

CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
CVSS Score: 8.6

Product Status

Vendor TP-Link Systems Inc.
Product Kasa EC71 v4
Versions Default: unaffected
  • affected from 0 to 2.4.0 Build 20260520 rel.4191 (excl.)
Vendor TP-Link Systems Inc.
Product Kasa EC70 v4
Versions Default: unaffected
  • affected from 0 to 2.4.0 Build 20260520 rel.4191 (excl.)

Credits

  • Christopher Childress finder

References

Problem Types

  • CWE-321 Use of hard-coded cryptographic key CWE

Impacts

  • CAPEC-474 Signature Spoofing by Key Theft