Security · 4h ago
TP-Link Kasa cameras leaked home GPS via unauthenticated UDP for 6 years
A vulnerability in TP-Link Kasa EC71 cameras exposed GPS coordinates and other sensitive data over unauthenticated UDP broadcasts for six years. The flaw, disclosed on GitHub, affects devices with firmware versions prior to a patch released in 2024. TP-Link has issued a fix, but many cameras remain unpatched.
Meridian48 take
This is a stark reminder that IoT security often lags behind convenience, with a basic design flaw persisting for years before disclosure.
Read the full reporting
TP-Link Kasa cameras leaked home GPS via unauthenticated UDP for 6 years →
Hacker News
iot-vulnerabilitytp-link