Skip to content
Tech News
← Back to articles

TP-Link Kasa cameras leaked home GPS via unauthenticated UDP for 6 years

read original more articles
Why This Matters

The leak of home GPS data via unauthenticated UDP in TP-Link Kasa cameras highlights critical security vulnerabilities that could compromise user privacy and security. The vulnerabilities, which persisted for six years before being patched, underscore the importance of rigorous security practices in IoT device development. This case serves as a reminder for consumers and industry stakeholders to prioritize firmware updates and security audits to protect sensitive information.

Key Takeaways

Security Advisory: Kasa Spot EC71 (Firmware 2.3.26)

Author: Christopher Childress (BadChemical)

Status: Patched, CVE-2026-9770 (RSA/IAM) and CVE-2026-13230 (GPS) remediated in 2.4.1.

Vendor: TP-Link Systems Inc. / Kasa

Product: Kasa Spot EC71

Firmware Version: 2.3.26 (Build Date: 20240425, Release ID: 33797)

Patched Firmware: 2.4.1

CVE: CVE-2026-9770 / CVE-2026-13230

Published: July 16th, 2026

Legal Disclaimer

... continue reading