TP Link Tapo L530E Smart bulbs recently had four vulnerabilities discovered. Two are considered high-severity, one related to network authentication and one a checksum shared secret exploitable via the Tap app. Less severe is cryptographic flaw that make the scheme predictable. The fourth issues is a lack of checks for fresh messages keeping sessions keys active for 24 hours and can be used to replay messages during that timeframe.
Read More at bleepingcomputer.com
image via: tplink.com
