CVSS4
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/SC:N/VI:L/SI:N/VA:L/SA:N
AI Score
Confidence
Low
EPSS
Percentile
11.4%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device.
CVSS4
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/SC:N/VI:L/SI:N/VA:L/SA:N
AI Score
Confidence
Low
EPSS
Percentile
11.4%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial