TP-Link KP303 Smartplug Unauthenticated Command Vulnerability Leading to Power Loss and Information Leak

Vulnerability

The TP-Link KP303 Smartplug (US version), in firmware versions prior to 1.1.0, accepts protocol commands without authentication. These commands can cause unintended power-off events and potentially leak information.

Impact

Exploitation of this vulnerability allows for the execution of unauthenticated protocol commands on the device, which can lead to unauthorized power management actions and information disclosure.

Remediation

Users are advised to update the TP-Link KP303 Smartplug to firmware version 1.1.0 or later to address this vulnerability.

Added: Aug 25, 2025, 10:20 PM
Updated: Aug 25, 2025, 10:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.8
exploitability: 7.4
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.