CVE-2024-31340

Published: May 22, 2024

Modified: Mar 28, 2025

PUBLISHED

Description

TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.

Vendor	Product	Versions
TP-Link	TP-Link Tether	affected `prior to 4.5.13`
TP-Link	TP-Link Tapo	affected `prior to 3.3.6`

References

https://play.google.com/store/apps/details?id=com.tplink.tether

https://play.google.com/store/apps/details?id=com.tplink.iot

https://jvn.jp/en/jp/JVN29471697/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-31340

Description

Affected Products

References