Vulnerabilites related to tp-link - kc300s2
cve-2020-11445
Vulnerability from cvelistv5
Published
2020-04-01 03:57
Modified
2024-08-04 11:28
Severity ?
EPSS score ?
Summary
TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cnvd.org.cn/flaw/show/1916613 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:28:13.879Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.cnvd.org.cn/flaw/show/1916613", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-01T03:57:55", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.cnvd.org.cn/flaw/show/1916613", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-11445", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.cnvd.org.cn/flaw/show/1916613", refsource: "MISC", url: "https://www.cnvd.org.cn/flaw/show/1916613", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-11445", datePublished: "2020-04-01T03:57:55", dateReserved: "2020-04-01T00:00:00", dateUpdated: "2024-08-04T11:28:13.879Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2020-04-01 04:15
Modified
2024-11-21 04:57
Severity ?
Summary
TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.cnvd.org.cn/flaw/show/1916613 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cnvd.org.cn/flaw/show/1916613 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | nc450_firmware | * | |
| tp-link | nc450 | - | |
| tp-link | nc260_firmware | * | |
| tp-link | nc260 | - | |
| tp-link | nc250_firmware | * | |
| tp-link | nc250 | - | |
| tp-link | nc230_firmware | * | |
| tp-link | nc230 | - | |
| tp-link | nc220_firmware | * | |
| tp-link | nc220 | - | |
| tp-link | nc210_firmware | * | |
| tp-link | nc210 | - | |
| tp-link | nc200_firmware | * | |
| tp-link | nc200 | - | |
| tp-link | kc300s2_firmware | * | |
| tp-link | kc300s2 | - | |
| tp-link | kc310s2_firmware | * | |
| tp-link | kc310s2 | - | |
| tp-link | kc200_firmware | * | |
| tp-link | kc200 | - | |
| tp-link | tapo_c200_firmware | * | |
| tp-link | tapo_c200 | - | |
| tp-link | tapo_c100_firmware | * | |
| tp-link | tapo_c100 | - | |
| tp-link | tl-sc3430_firmware | * | |
| tp-link | tl-sc3430 | - | |
| tp-link | tl-sc3430n_firmware | * | |
| tp-link | tl-sc3430n | - | |
| tp-link | tl-sc4171g_firmware | * | |
| tp-link | tl-sc4171g | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc450_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "771BEC34-1944-43ED-B2FC-F5B03A1C68DA", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc450:-:*:*:*:*:*:*:*", matchCriteriaId: "71C122A0-FEC3-4482-A55D-09FA03A47F56", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc260_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "82A81BB5-61AF-4E19-AC96-5EE29DA03D59", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc260:-:*:*:*:*:*:*:*", matchCriteriaId: "0F82284F-1244-45BC-9F38-956219905C97", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc250_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E74A2AC9-9873-4744-8A15-0771FD231FD7", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc250:-:*:*:*:*:*:*:*", matchCriteriaId: "3C6A3B4E-F357-4E9F-A799-E58E0D593F19", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc230_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "97853CD1-D3A6-4713-88CA-F679614AE8E6", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc230:-:*:*:*:*:*:*:*", matchCriteriaId: "3EDB6A57-0D56-43D2-8D36-EC841D9A7FED", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc220_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E12F8B78-776B-4DC7-84A7-CABC37028583", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc220:-:*:*:*:*:*:*:*", matchCriteriaId: "09A89384-FA35-492D-B25D-434A049D3A13", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc210_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F109E65-853A-4A56-A6B0-A40150805619", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc210:-:*:*:*:*:*:*:*", matchCriteriaId: "32E1DC59-F58C-4FB4-A3C0-9A4F8290F8E8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F32EECCC-1943-4C3C-BC2E-9E82EC79A94D", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc200:-:*:*:*:*:*:*:*", matchCriteriaId: "1856BF12-5B8B-460C-951D-B48DAEFE93F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:kc300s2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "47903BA2-E056-4320-A2D2-7BE2FB99B2C6", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:kc300s2:-:*:*:*:*:*:*:*", matchCriteriaId: "AEBCD870-BF04-4204-BE97-75C306732705", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:kc310s2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9B321EA4-D48D-4579-8E5C-9A17BD18B9E0", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:kc310s2:-:*:*:*:*:*:*:*", matchCriteriaId: "F863D0B1-79D5-479C-92D0-F8D691E5E915", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:kc200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BDF85561-2455-4488-B8CA-D2355C91CBD0", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:kc200:-:*:*:*:*:*:*:*", matchCriteriaId: "3476F580-EC2B-40A3-AF3B-819708FDFA3A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:tapo_c200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7E99E304-A052-416A-BE1E-3A97198BE328", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:tapo_c200:-:*:*:*:*:*:*:*", matchCriteriaId: "91B3D3B3-6E31-4F14-8DF5-0E3519C29DFD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:tapo_c100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A99C05D-55E4-4A7D-BE2E-CEDA67B4CB95", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:tapo_c100:-:*:*:*:*:*:*:*", matchCriteriaId: "2654082E-60FA-48F9-B69C-0D334C91EA53", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:tl-sc3430_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "00217A8B-AD8C-4D50-8785-98473BEAE2D6", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:tl-sc3430:-:*:*:*:*:*:*:*", matchCriteriaId: "29E212C7-26B4-4645-869F-F5A95EA53B64", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:tl-sc3430n_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F1FC76CA-8A7A-49F9-B403-8942CD573E1F", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:tl-sc3430n:-:*:*:*:*:*:*:*", matchCriteriaId: "46C27C3B-BE49-4202-A477-4AD69B4D7302", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:tl-sc4171g_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F58A2506-C5BF-4BF2-9A92-25BB5EADC281", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:tl-sc4171g:-:*:*:*:*:*:*:*", matchCriteriaId: "974F5AB4-9A68-4941-8E80-D18F36F167A2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855.", }, { lang: "es", value: "Las cámaras cloud de TP-Link hasta el 09-02-2020, permiten a atacantes remotos omitir la autenticación y conseguir información confidencial por medio de vectores que involucran una sesión Wi-Fi con GPS habilitado, también se conoce como CNVD-2020-04855.", }, ], id: "CVE-2020-11445", lastModified: "2024-11-21T04:57:55.907", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-01T04:15:13.630", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.cnvd.org.cn/flaw/show/1916613", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.cnvd.org.cn/flaw/show/1916613", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }