01642 06 11 11 Arrange Call

Certificate Validation Vulnerability in TP-Link Tether and Tapo: Enabling Man-in-the-Middle Attacks

CVE-2024-31340 · MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVE-2024-31340

TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.

Learn more about our Web Application Penetration Testing UK.