CVE-2026-9770 is a hardware cryptographic key information disclosure vulnerability affecting TP-Link Kasa EC70 v4 and EC71 v4 firmware. The affected firmware stores a static cryptographic private key in a read-only filesystem, and the same embedded key is shared across devices. An attacker who obtains access to the firmware image can extract this private key and then use it against the device’s web management service. Because the key is reused and embedded rather than uniquely generated per device and securely protected, the vulnerability undermines the confidentiality guarantees of encrypted management communications and enables cryptographic impersonation of the device in local network attack scenarios.
Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
What an attacker gets, and what they’ve been doing with it.
If you can’t patch tonight, do this now.
Patch, then assume compromise.
No public exploits tracked yet. Mallory keeps watching.
No public exploit code observed for this vulnerability.
Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.
Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
10 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A high-severity information disclosure vulnerability in TP-Link Kasa EC70 v4 and EC71 v4 smart cameras caused by a hardcoded cryptographic key embedded in the system image, enabling local-network attackers to compromise confidentiality and potentially conduct man-in-the-middle attacks to intercept traffic or obtain administrative credentials.
A high-severity information disclosure vulnerability in TP-Link Kasa EC70 v4 and EC71 v4 cameras caused by a hardcoded cryptographic key, enabling a local network attacker to perform machine-in-the-middle interception and capture administrative credentials.
A vulnerability in TP-Link Kasa EC71 v4 and EC70 v4 firmware where a static cryptographic private key is embedded in the read-only filesystem and shared across devices, enabling key extraction and potential passive decryption or active MITM attacks on the same network.
A high-severity information disclosure vulnerability in TP-Link Kasa EC70 v4 and EC71 v4 where a hardcoded cryptographic key in the system image can let a local-network attacker compromise confidentiality of web management communications and potentially perform MITM attacks to obtain administrative credentials.
Query your assets running an affected version, and investigate the blast radius.
Every observed campaign linking this CVE to a named adversary.
Malware families riding this exploit, with evidence and IOCs.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Cross-references every affected SKU, including bundled OEM variants.
Community discussion across Reddit, Mastodon, and other social sources.