Shenzhen Phaten Tech. LTD — 8 prefixes (MA-L)

Shenzhen Phaten Tech. LTD (trading as Shenzhen Phaten Technology Co., Ltd.) is a Chinese IoT hardware maker that holds eight separate IEEE MA-L blocks, all registered to the same Guangming District, Shenzhen address — 04:4A:69, 0C:C1:19, 10:B0:6E, 2C:05:47, 34:A6:EF, 8C:BD:37, BC:FD:0C, and CC:B8:5E. The company designs low-power Wi-Fi and Bluetooth combo modules for smart-home and consumer-electronics OEMs, built largely on Beken BK7231N and Realtek RTL8720CF/RTL8720DF silicon, plus newer Matter-over-Wi-Fi modules on Espressif ESP8684/ESP8685 and Realtek RTL8711DCM. These modules ship inside the Tuya device ecosystem, so the same hardware surfaces under many retail brands in smart plugs, switches, ceiling lights, and mesh devices; an audio line on XMOS XU316 also exists. The practical security note for asset classification: Phaten modules based on BK7231N (CB2S, CB2L) and RTL8720CF (WBR3) are among the chipsets reflashable via the Tuya CloudCutter OTA jailbreak — an exposure in unpatched Tuya-SDK firmware shared across all OEMs using these parts, not a Phaten-specific defect, and no Phaten-specific CVE was found. A Phaten OUI on a globally-administered address reliably flags low-cost, cloud-dependent smart-home IoT; the company is a legitimate module vendor, not a threat actor.

IEEE assignment

8 prefixes → Shenzhen Phaten Tech. LTD, registered Shenzhen, Guangdong, CN [Confirmed] — IEEE MA-L (enrichment/registries/oui.csv lines 61, 6734, 7871, 8846, 22781, 22955, 23144, 30583)

Registry / block size

MA-L (24-bit OUI; each block covers 16,777,216 addresses); holds 8 IEEE prefixes (~134M addresses). No MA-M or MA-S blocks appear in the cached registries (absent from mam.csv and oui36.csv). [Confirmed] — IEEE MA-L. NOTE: IEEE's public OUI data publishes NO assignment/registration date; third-party tools (maclookup.app) show "first registration 14 May 2021, last updated 12 May 2026" but those are database artifacts, not IEEE facts.

HQ / country

C-6 ideamonto industril, 7002 Songbai Road, Guangming District, Shenzhen City, Guangdong 518108, China (CN) (registry address) [Confirmed] — IEEE MA-L / maclookup.app

Company status

active [Likely] — en.phaten.com (primary site reachable via GitHub Pages mirror; main domain SSL cert was expired at research time)

Founding year

2016 (vendor self-description) [Likely] — en.phaten.com

Device types

low-power Wi-Fi+BLE combo modules for smart-home/consumer-electronics OEMs (smart plugs, switches, ceiling lights, mesh devices) and a wireless-audio line [Confirmed] — phateniot.github.io/en/products/, en.phaten.com/products/2.html

Module / chipset lines

CB2S, CB2L, WBR3-C on Beken BK7231N and Realtek RTL8720CF/RTL8720DF; Matter modules WB30D-1711DCMV1 (RTL8711DCM), WB02A/WB03A (ESP8684), WB02A-8685H4V1 (ESP8685); audio A316 series on XMOS XU316 [Confirmed] — phateniot.github.io/en/products/, en.phaten.com/products_details/57.html, en.phaten.com/products_details/58.html

Tuya ecosystem / independent corroboration

CB2S and CB2L carried as Tuya-platform OEM modules with datasheets; community teardowns confirm these modules inside smart plugs/switches sold under various brands [Confirmed] — developer.tuya.com (CB2S datasheet), elektroda.com/rtvforum/topic3957163.html

FCC IDs

2ANDL-CB2S (CB2S, BK7231N) and 2ANDL-WBR3 (WBR3, RTL8720CF); grantee code 2ANDL associated with Phaten. A separate 2AV7W-CB2S filing may be a Tuya-labeled variant of the same hardware. [Confirmed] — fcc.report/FCC-ID/2ANDL-CB2S, fcc.report/FCC-ID/2ANDL-WBR3

Matter / Thread

newer modules (WB30D on RTL8711DCM, ESP8684/8685) target Matter-over-Wi-Fi; Thread appears as a product-blog category but no specific Thread-radio module confirmed [Likely] — phateniot.github.io/en/products/

Security note

BK7231N (CB2S/CB2L) and RTL8720CF (WBR3) Phaten modules are among chipsets targeted by Tuya CloudCutter, an OTA firmware-replacement jailbreak exploiting unpatched Tuya-SDK firmware. Exposure is shared across all BK7231N/RTL8720CF Tuya-ecosystem modules regardless of OEM; affects cloud-connected firmware, not the hardware. No Phaten-specific CVE found; no threat-actor profile. [Likely] — github.com/tuya-cloudcutter/tuya-cloudcutter, digiblur.com/2023/08/19/...

Website

https://en.phaten.com/ (English; SSL cert expired at research time). Mirror: https://phateniot.github.io/en/products/ [Confirmed] — en.phaten.com, phateniot.github.io

IANA Reference

none — not applicable to OUI vendor entries; column stays blank. [Confirmed]

Analyst note

A Phaten OUI on a globally-administered address identifies low-cost smart-home IoT modules with cloud-dependent update paths and a known OTA jailbreak surface; treat such MACs on unmanaged segments accordingly. Phaten is a legitimate Shenzhen module OEM, not a malicious actor.