CVE-2026-9770

TP-Link · Kasa EC71 v4 and EC70 v4

TP-Link Kasa EC71 and EC70 v4 firmware versions store a static cryptographic private key on a read-only filesystem, which is shared across all devices.

Executive summary

The presence of a hard-coded, static cryptographic key across TP-Link Kasa devices introduces a critical risk of interception and unauthorized access to device communications.

Vulnerability

This vulnerability (CWE-321) involves the use of hard-coded cryptographic keys, which enables an attacker with adjacent network access to potentially decrypt communications or impersonate legitimate devices.

Business impact

The use of a shared static key undermines the security of the entire device fleet. A successful exploit could lead to the complete compromise of device confidentiality and integrity, effectively nullifying the encryption intended to protect user traffic and device management commands.

Remediation

Immediate Action: Update the firmware of all Kasa EC71 and EC70 v4 devices to version 2.4.0 Build 20260520 rel.4191 or later, as provided by the TP-Link support portal.

Proactive Monitoring: Monitor the local network for unusual authentication requests or attempts to intercept traffic originating from smart home devices.

Compensating Controls: Isolate smart home devices onto a dedicated VLAN to limit the scope of potential lateral movement or interception attempts from compromised devices on the primary network.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Due to the nature of hard-coded credentials, this vulnerability poses a significant risk to the privacy and security of the affected hardware. Users should ensure the firmware update is applied immediately to rotate or replace the insecure cryptographic material.