CVE-2025-8627
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-25
Last updated on: 2025-09-15
Assigner: TPLink
Description
Description
The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause unintended power-off condition and potential information leak.
This issue affects TP-Link KP303 (US) Smartplug: before 1.1.0.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tp-link | kp303_firmware | to 1.1.0 (exc) |
| tp-link | kp303 | 2.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the TP-Link KP303 Smartplug allows an attacker to send unauthenticated protocol commands to the device. This can cause the smartplug to turn off unexpectedly and may also lead to potential information leakage.
How can this vulnerability impact me? :
This vulnerability can impact you by causing unintended power-off conditions of devices connected to the TP-Link KP303 Smartplug, potentially disrupting your operations or services. Additionally, it may lead to leakage of sensitive information from the device.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70