Vulnerabilites related to tp-link - nc220
Vulnerability from fkie_nvd
Published
2020-05-04 14:15
Modified
2024-11-21 04:59
Severity ?
Summary
Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/157532/TP-LINK-Cloud-Cameras-NCXXX-Hardcoded-Encryption-Key.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2020/May/3 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/157532/TP-LINK-Cloud-Cameras-NCXXX-Hardcoded-Encryption-Key.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2020/May/3 | Exploit, Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | nc200_firmware | 2.1.6 | |
| tp-link | nc200_firmware | 2.1.9 | |
| tp-link | nc200 | - | |
| tp-link | nc210_firmware | 1.0.3 | |
| tp-link | nc210_firmware | 1.0.4 | |
| tp-link | nc210_firmware | 1.0.9 | |
| tp-link | nc210 | - | |
| tp-link | nc220_firmware | 1.2.0 | |
| tp-link | nc220_firmware | 1.3.0 | |
| tp-link | nc220_firmware | 1.3.0 | |
| tp-link | nc220 | - | |
| tp-link | nc230_firmware | 1.0.3 | |
| tp-link | nc230_firmware | 1.2.1 | |
| tp-link | nc230_firmware | 1.3.0 | |
| tp-link | nc230 | - | |
| tp-link | nc250_firmware | 1.0.8 | |
| tp-link | nc250_firmware | 1.0.10 | |
| tp-link | nc250_firmware | 1.2.1 | |
| tp-link | nc250_firmware | 1.3.0 | |
| tp-link | nc250 | - | |
| tp-link | nc260_firmware | 1.0.5 | |
| tp-link | nc260_firmware | 1.0.6 | |
| tp-link | nc260_firmware | 1.4.1 | |
| tp-link | nc260_firmware | 1.5.0 | |
| tp-link | nc260_firmware | 1.5.2 | |
| tp-link | nc260 | - | |
| tp-link | nc450_firmware | 1.0.15 | |
| tp-link | nc450_firmware | 1.1.2 | |
| tp-link | nc450_firmware | 1.3.4 | |
| tp-link | nc450_firmware | 1.5.3 | |
| tp-link | nc450 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc200_firmware:2.1.6:160108_b:*:*:*:*:*:*", matchCriteriaId: "C49E1583-39DF-4BFB-BB80-F9F2118DECB8", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc200_firmware:2.1.9:200225:*:*:*:*:*:*", matchCriteriaId: "91F2DC6B-5C4F-49DE-8464-78F750A09135", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc200:-:*:*:*:*:*:*:*", matchCriteriaId: "1856BF12-5B8B-460C-951D-B48DAEFE93F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc210_firmware:1.0.3:160229:*:*:*:*:*:*", matchCriteriaId: "ACC9C2F6-C933-4EAC-AF64-743063F6CF54", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc210_firmware:1.0.4:160412:*:*:*:*:*:*", matchCriteriaId: "D2CA6ACA-92A7-4F9C-9897-8841FE8514E2", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc210_firmware:1.0.9:200304:*:*:*:*:*:*", matchCriteriaId: "12008577-3A10-4C23-A237-AC628D10D8E6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc210:-:*:*:*:*:*:*:*", matchCriteriaId: "32E1DC59-F58C-4FB4-A3C0-9A4F8290F8E8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc220_firmware:1.2.0:170516:*:*:*:*:*:*", matchCriteriaId: "456A7C77-6DDF-40E0-A972-669EDFB5D82F", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc220_firmware:1.3.0:180105:*:*:*:*:*:*", matchCriteriaId: "5C11C3AF-540C-4DAF-BF69-96C394D4B43F", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc220_firmware:1.3.0:200304:*:*:*:*:*:*", matchCriteriaId: "A47A572A-5DE5-46B2-A942-698286872029", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc220:-:*:*:*:*:*:*:*", matchCriteriaId: "09A89384-FA35-492D-B25D-434A049D3A13", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc230_firmware:1.0.3:160108:*:*:*:*:*:*", matchCriteriaId: "AC051CDE-5054-4925-8D14-B286D01E46B9", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc230_firmware:1.2.1:170515:*:*:*:*:*:*", matchCriteriaId: "CA09DB0A-47A0-44D9-AABD-2C335B502B0F", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc230_firmware:1.3.0:200304:*:*:*:*:*:*", matchCriteriaId: "BC2CCFDD-290A-46FA-9DC2-8CBAE96258DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc230:-:*:*:*:*:*:*:*", matchCriteriaId: "3EDB6A57-0D56-43D2-8D36-EC841D9A7FED", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc250_firmware:1.0.8:160108:*:*:*:*:*:*", matchCriteriaId: "488217FC-C02C-4AA3-AD0E-26679E5912FF", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc250_firmware:1.0.10:160321:*:*:*:*:*:*", matchCriteriaId: "D2E08C60-2422-4135-B02F-B605386DC314", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc250_firmware:1.2.1:170515:*:*:*:*:*:*", matchCriteriaId: "6EB1C532-D019-4EB8-93A0-15FE8DFC07B1", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc250_firmware:1.3.0:200304:*:*:*:*:*:*", matchCriteriaId: "4BC014D7-461C-4B63-B79F-B41C55508027", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc250:-:*:*:*:*:*:*:*", matchCriteriaId: "3C6A3B4E-F357-4E9F-A799-E58E0D593F19", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc260_firmware:1.0.5:160804:*:*:*:*:*:*", matchCriteriaId: "B4227D23-DF7F-484C-8508-341ED2744B52", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc260_firmware:1.0.6:161114:*:*:*:*:*:*", matchCriteriaId: "2E7D5E76-892D-46B1-BD46-BD34E0CDFC22", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc260_firmware:1.4.1:180720:*:*:*:*:*:*", matchCriteriaId: "C23AB02F-00DA-4844-96EE-6E3976BB5065", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc260_firmware:1.5.0:181123:*:*:*:*:*:*", matchCriteriaId: "3F23255A-C021-4B25-86A8-029007EF4D73", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc260_firmware:1.5.2:200304:*:*:*:*:*:*", matchCriteriaId: "54C3D856-5E56-4539-8437-495DCA5CB59E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc260:-:*:*:*:*:*:*:*", matchCriteriaId: "0F82284F-1244-45BC-9F38-956219905C97", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc450_firmware:1.0.15:160920:*:*:*:*:*:*", matchCriteriaId: "B98EA7FE-B277-44F1-99CD-393FB13D4CC4", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc450_firmware:1.1.2:161013:*:*:*:*:*:*", matchCriteriaId: "72C02D43-51C5-480B-8957-99C9202E87DC", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc450_firmware:1.3.4:171130:*:*:*:*:*:*", matchCriteriaId: "B1755D43-FD92-4DAE-B438-711A665C5790", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc450_firmware:1.5.3:200304:*:*:*:*:*:*", matchCriteriaId: "59F5150F-6D80-4B94-9EA6-A20EF1AC7060", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc450:-:*:*:*:*:*:*:*", matchCriteriaId: "71C122A0-FEC3-4482-A55D-09FA03A47F56", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.", }, { lang: "es", value: "Determinados dispositivos TP-Link tienen una Clave de Cifrado Embebida. Esto afecta a NC200 versión 2.1.9 build 200225, N210 versión 1.0.9 build 200304, NC220 versión 1.3.0 build 200304, NC230 versión 1.3.0 build 200304, NC250 versión 1.3.0 build 200304, NC260 versión 1.5.2 build 200304, y NC450 versión 1.5.3 build 200304.", }, ], id: "CVE-2020-12110", lastModified: "2024-11-21T04:59:16.057", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-04T14:15:13.277", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/157532/TP-LINK-Cloud-Cameras-NCXXX-Hardcoded-Encryption-Key.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/fulldisclosure/2020/May/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/157532/TP-LINK-Cloud-Cameras-NCXXX-Hardcoded-Encryption-Key.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/fulldisclosure/2020/May/3", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-798", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-17 13:15
Modified
2024-11-21 05:00
Severity ?
Summary
TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/158115/TP-LINK-Cloud-Cameras-NCXXX-Stack-Overflow.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.tp-link.com/us/security | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/158115/TP-LINK-Cloud-Cameras-NCXXX-Stack-Overflow.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tp-link.com/us/security | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | nc200_firmware | * | |
| tp-link | nc200 | - | |
| tp-link | nc210_firmware | * | |
| tp-link | nc210 | - | |
| tp-link | nc220_firmware | * | |
| tp-link | nc220 | - | |
| tp-link | nc230_firmware | * | |
| tp-link | nc230 | - | |
| tp-link | nc250_firmware | * | |
| tp-link | nc250 | - | |
| tp-link | nc260_firmware | * | |
| tp-link | nc260 | - | |
| tp-link | nc450_firmware | * | |
| tp-link | nc450 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E4D7C6FD-2B67-425B-9D48-630FEDC538BE", versionEndIncluding: "2.1.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc200:-:*:*:*:*:*:*:*", matchCriteriaId: "1856BF12-5B8B-460C-951D-B48DAEFE93F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc210_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "91D46128-D59C-42A9-B61D-44EA99537561", versionEndIncluding: "1.0.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc210:-:*:*:*:*:*:*:*", matchCriteriaId: "32E1DC59-F58C-4FB4-A3C0-9A4F8290F8E8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc220_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B5FD1508-2403-4086-B707-C9EEBDAC9B6D", versionEndIncluding: "1.3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc220:-:*:*:*:*:*:*:*", matchCriteriaId: "09A89384-FA35-492D-B25D-434A049D3A13", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc230_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "36109B57-6864-4742-AE6B-F00B68040CA2", versionEndIncluding: "1.3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc230:-:*:*:*:*:*:*:*", matchCriteriaId: "3EDB6A57-0D56-43D2-8D36-EC841D9A7FED", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc250_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C1880A8F-EFF4-49EC-8B49-1A01A8FD5F52", versionEndIncluding: "1.3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc250:-:*:*:*:*:*:*:*", matchCriteriaId: "3C6A3B4E-F357-4E9F-A799-E58E0D593F19", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc260_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A321BB22-14B8-4A7C-AE2A-2406079EADE3", versionEndIncluding: "1.5.3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc260:-:*:*:*:*:*:*:*", matchCriteriaId: "0F82284F-1244-45BC-9F38-956219905C97", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc450_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C98B9E3F-71C6-4C80-89B3-22B675BDE87C", versionEndIncluding: "1.5.4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc450:-:*:*:*:*:*:*:*", matchCriteriaId: "71C122A0-FEC3-4482-A55D-09FA03A47F56", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow", }, { lang: "es", value: "Dispositivos TP-LINK NC200 versiones hasta 2.1.10 build 200401, dispositivos NC210 versiones hasta 1.0.10 build 200401, dispositivos NC220 versiones hasta 1.3.1 build 200401, dispositivos NC230 versiones hasta 1.3.1 build 200401, dispositivos NC250 versiones hasta 1.3.1 build 200401, dispositivos NC260 versiones hasta 1.5.3 build_200401, y los dispositivos NC450 versiones hasta 1.5.4 build 200401, presentan un desbordamiento de búfer", }, ], id: "CVE-2020-13224", lastModified: "2024-11-21T05:00:50.047", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-17T13:15:11.210", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/158115/TP-LINK-Cloud-Cameras-NCXXX-Stack-Overflow.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.tp-link.com/us/security", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/158115/TP-LINK-Cloud-Cameras-NCXXX-Stack-Overflow.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.tp-link.com/us/security", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-01 04:15
Modified
2024-11-21 04:57
Severity ?
Summary
TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.cnvd.org.cn/flaw/show/1916613 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cnvd.org.cn/flaw/show/1916613 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | nc450_firmware | * | |
| tp-link | nc450 | - | |
| tp-link | nc260_firmware | * | |
| tp-link | nc260 | - | |
| tp-link | nc250_firmware | * | |
| tp-link | nc250 | - | |
| tp-link | nc230_firmware | * | |
| tp-link | nc230 | - | |
| tp-link | nc220_firmware | * | |
| tp-link | nc220 | - | |
| tp-link | nc210_firmware | * | |
| tp-link | nc210 | - | |
| tp-link | nc200_firmware | * | |
| tp-link | nc200 | - | |
| tp-link | kc300s2_firmware | * | |
| tp-link | kc300s2 | - | |
| tp-link | kc310s2_firmware | * | |
| tp-link | kc310s2 | - | |
| tp-link | kc200_firmware | * | |
| tp-link | kc200 | - | |
| tp-link | tapo_c200_firmware | * | |
| tp-link | tapo_c200 | - | |
| tp-link | tapo_c100_firmware | * | |
| tp-link | tapo_c100 | - | |
| tp-link | tl-sc3430_firmware | * | |
| tp-link | tl-sc3430 | - | |
| tp-link | tl-sc3430n_firmware | * | |
| tp-link | tl-sc3430n | - | |
| tp-link | tl-sc4171g_firmware | * | |
| tp-link | tl-sc4171g | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc450_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "771BEC34-1944-43ED-B2FC-F5B03A1C68DA", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc450:-:*:*:*:*:*:*:*", matchCriteriaId: "71C122A0-FEC3-4482-A55D-09FA03A47F56", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc260_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "82A81BB5-61AF-4E19-AC96-5EE29DA03D59", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc260:-:*:*:*:*:*:*:*", matchCriteriaId: "0F82284F-1244-45BC-9F38-956219905C97", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc250_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E74A2AC9-9873-4744-8A15-0771FD231FD7", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc250:-:*:*:*:*:*:*:*", matchCriteriaId: "3C6A3B4E-F357-4E9F-A799-E58E0D593F19", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc230_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "97853CD1-D3A6-4713-88CA-F679614AE8E6", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc230:-:*:*:*:*:*:*:*", matchCriteriaId: "3EDB6A57-0D56-43D2-8D36-EC841D9A7FED", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc220_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E12F8B78-776B-4DC7-84A7-CABC37028583", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc220:-:*:*:*:*:*:*:*", matchCriteriaId: "09A89384-FA35-492D-B25D-434A049D3A13", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc210_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F109E65-853A-4A56-A6B0-A40150805619", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc210:-:*:*:*:*:*:*:*", matchCriteriaId: "32E1DC59-F58C-4FB4-A3C0-9A4F8290F8E8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F32EECCC-1943-4C3C-BC2E-9E82EC79A94D", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc200:-:*:*:*:*:*:*:*", matchCriteriaId: "1856BF12-5B8B-460C-951D-B48DAEFE93F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:kc300s2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "47903BA2-E056-4320-A2D2-7BE2FB99B2C6", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:kc300s2:-:*:*:*:*:*:*:*", matchCriteriaId: "AEBCD870-BF04-4204-BE97-75C306732705", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:kc310s2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9B321EA4-D48D-4579-8E5C-9A17BD18B9E0", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:kc310s2:-:*:*:*:*:*:*:*", matchCriteriaId: "F863D0B1-79D5-479C-92D0-F8D691E5E915", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:kc200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BDF85561-2455-4488-B8CA-D2355C91CBD0", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:kc200:-:*:*:*:*:*:*:*", matchCriteriaId: "3476F580-EC2B-40A3-AF3B-819708FDFA3A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:tapo_c200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7E99E304-A052-416A-BE1E-3A97198BE328", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:tapo_c200:-:*:*:*:*:*:*:*", matchCriteriaId: "91B3D3B3-6E31-4F14-8DF5-0E3519C29DFD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:tapo_c100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A99C05D-55E4-4A7D-BE2E-CEDA67B4CB95", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:tapo_c100:-:*:*:*:*:*:*:*", matchCriteriaId: "2654082E-60FA-48F9-B69C-0D334C91EA53", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:tl-sc3430_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "00217A8B-AD8C-4D50-8785-98473BEAE2D6", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:tl-sc3430:-:*:*:*:*:*:*:*", matchCriteriaId: "29E212C7-26B4-4645-869F-F5A95EA53B64", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:tl-sc3430n_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F1FC76CA-8A7A-49F9-B403-8942CD573E1F", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:tl-sc3430n:-:*:*:*:*:*:*:*", matchCriteriaId: "46C27C3B-BE49-4202-A477-4AD69B4D7302", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:tl-sc4171g_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F58A2506-C5BF-4BF2-9A92-25BB5EADC281", versionEndIncluding: "2020-02-09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:tl-sc4171g:-:*:*:*:*:*:*:*", matchCriteriaId: "974F5AB4-9A68-4941-8E80-D18F36F167A2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855.", }, { lang: "es", value: "Las cámaras cloud de TP-Link hasta el 09-02-2020, permiten a atacantes remotos omitir la autenticación y conseguir información confidencial por medio de vectores que involucran una sesión Wi-Fi con GPS habilitado, también se conoce como CNVD-2020-04855.", }, ], id: "CVE-2020-11445", lastModified: "2024-11-21T04:57:55.907", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-01T04:15:13.630", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.cnvd.org.cn/flaw/show/1916613", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.cnvd.org.cn/flaw/show/1916613", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-04 16:15
Modified
2024-11-21 04:59
Severity ?
Summary
Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | nc200_firmware | 2.1.6 | |
| tp-link | nc200_firmware | 2.1.9 | |
| tp-link | nc200 | - | |
| tp-link | nc210_firmware | 1.0.3 | |
| tp-link | nc210_firmware | 1.0.4 | |
| tp-link | nc210_firmware | 1.0.9 | |
| tp-link | nc210 | - | |
| tp-link | nc220_firmware | 1.2.0 | |
| tp-link | nc220_firmware | 1.3.0 | |
| tp-link | nc220_firmware | 1.3.0 | |
| tp-link | nc220 | - | |
| tp-link | nc230_firmware | 1.0.3 | |
| tp-link | nc230_firmware | 1.2.1 | |
| tp-link | nc230_firmware | 1.3.0 | |
| tp-link | nc230 | - | |
| tp-link | nc250_firmware | 1.0.8 | |
| tp-link | nc250_firmware | 1.0.10 | |
| tp-link | nc250_firmware | 1.2.1 | |
| tp-link | nc250_firmware | 1.3.0 | |
| tp-link | nc250 | - | |
| tp-link | nc260_firmware | 1.0.5 | |
| tp-link | nc260_firmware | 1.0.6 | |
| tp-link | nc260_firmware | 1.4.1 | |
| tp-link | nc260_firmware | 1.5.0 | |
| tp-link | nc260_firmware | 1.5.2 | |
| tp-link | nc260 | - | |
| tp-link | nc450_firmware | 1.0.15 | |
| tp-link | nc450_firmware | 1.1.2 | |
| tp-link | nc450_firmware | 1.3.4 | |
| tp-link | nc450_firmware | 1.5.3 | |
| tp-link | nc450 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc200_firmware:2.1.6:160108_b:*:*:*:*:*:*", matchCriteriaId: "C49E1583-39DF-4BFB-BB80-F9F2118DECB8", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc200_firmware:2.1.9:200225:*:*:*:*:*:*", matchCriteriaId: "91F2DC6B-5C4F-49DE-8464-78F750A09135", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc200:-:*:*:*:*:*:*:*", matchCriteriaId: "1856BF12-5B8B-460C-951D-B48DAEFE93F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc210_firmware:1.0.3:160229:*:*:*:*:*:*", matchCriteriaId: "ACC9C2F6-C933-4EAC-AF64-743063F6CF54", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc210_firmware:1.0.4:160412:*:*:*:*:*:*", matchCriteriaId: "D2CA6ACA-92A7-4F9C-9897-8841FE8514E2", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc210_firmware:1.0.9:200304:*:*:*:*:*:*", matchCriteriaId: "12008577-3A10-4C23-A237-AC628D10D8E6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc210:-:*:*:*:*:*:*:*", matchCriteriaId: "32E1DC59-F58C-4FB4-A3C0-9A4F8290F8E8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc220_firmware:1.2.0:170516:*:*:*:*:*:*", matchCriteriaId: "456A7C77-6DDF-40E0-A972-669EDFB5D82F", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc220_firmware:1.3.0:180105:*:*:*:*:*:*", matchCriteriaId: "5C11C3AF-540C-4DAF-BF69-96C394D4B43F", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc220_firmware:1.3.0:200304:*:*:*:*:*:*", matchCriteriaId: "A47A572A-5DE5-46B2-A942-698286872029", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc220:-:*:*:*:*:*:*:*", matchCriteriaId: "09A89384-FA35-492D-B25D-434A049D3A13", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc230_firmware:1.0.3:160108:*:*:*:*:*:*", matchCriteriaId: "AC051CDE-5054-4925-8D14-B286D01E46B9", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc230_firmware:1.2.1:170515:*:*:*:*:*:*", matchCriteriaId: "CA09DB0A-47A0-44D9-AABD-2C335B502B0F", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc230_firmware:1.3.0:200304:*:*:*:*:*:*", matchCriteriaId: "BC2CCFDD-290A-46FA-9DC2-8CBAE96258DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc230:-:*:*:*:*:*:*:*", matchCriteriaId: "3EDB6A57-0D56-43D2-8D36-EC841D9A7FED", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc250_firmware:1.0.8:160108:*:*:*:*:*:*", matchCriteriaId: "488217FC-C02C-4AA3-AD0E-26679E5912FF", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc250_firmware:1.0.10:160321:*:*:*:*:*:*", matchCriteriaId: "D2E08C60-2422-4135-B02F-B605386DC314", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc250_firmware:1.2.1:170515:*:*:*:*:*:*", matchCriteriaId: "6EB1C532-D019-4EB8-93A0-15FE8DFC07B1", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc250_firmware:1.3.0:200304:*:*:*:*:*:*", matchCriteriaId: "4BC014D7-461C-4B63-B79F-B41C55508027", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc250:-:*:*:*:*:*:*:*", matchCriteriaId: "3C6A3B4E-F357-4E9F-A799-E58E0D593F19", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc260_firmware:1.0.5:160804:*:*:*:*:*:*", matchCriteriaId: "B4227D23-DF7F-484C-8508-341ED2744B52", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc260_firmware:1.0.6:161114:*:*:*:*:*:*", matchCriteriaId: "2E7D5E76-892D-46B1-BD46-BD34E0CDFC22", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc260_firmware:1.4.1:180720:*:*:*:*:*:*", matchCriteriaId: "C23AB02F-00DA-4844-96EE-6E3976BB5065", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc260_firmware:1.5.0:181123:*:*:*:*:*:*", matchCriteriaId: "3F23255A-C021-4B25-86A8-029007EF4D73", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc260_firmware:1.5.2:200304:*:*:*:*:*:*", matchCriteriaId: "54C3D856-5E56-4539-8437-495DCA5CB59E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc260:-:*:*:*:*:*:*:*", matchCriteriaId: "0F82284F-1244-45BC-9F38-956219905C97", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc450_firmware:1.0.15:160920:*:*:*:*:*:*", matchCriteriaId: "B98EA7FE-B277-44F1-99CD-393FB13D4CC4", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc450_firmware:1.1.2:161013:*:*:*:*:*:*", matchCriteriaId: "72C02D43-51C5-480B-8957-99C9202E87DC", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc450_firmware:1.3.4:171130:*:*:*:*:*:*", matchCriteriaId: "B1755D43-FD92-4DAE-B438-711A665C5790", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc450_firmware:1.5.3:200304:*:*:*:*:*:*", matchCriteriaId: "59F5150F-6D80-4B94-9EA6-A20EF1AC7060", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc450:-:*:*:*:*:*:*:*", matchCriteriaId: "71C122A0-FEC3-4482-A55D-09FA03A47F56", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.", }, { lang: "es", value: "Ciertos dispositivos TP-Link permiten una inyección de comandos. Esto afecta a NC200 versión 2.1.9 build 200225, NC210 versión 1.0.9 build 200304, NC220 versión 1.3.0 build 200304, NC230 versión 1.3.0 build 200304, NC250 versión 1.3.0 build 200304, NC260 versión 1.5.2 build 200304, y NC450 versión 1.5.3 build 200304.", }, ], id: "CVE-2020-12109", lastModified: "2024-11-21T04:59:15.907", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-04T16:15:12.087", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/157531/TP-LINK-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/159222/TP-Link-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/fulldisclosure/2020/May/2", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.tp-link.com/us/security", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/157531/TP-LINK-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/159222/TP-Link-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/fulldisclosure/2020/May/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.tp-link.com/us/security", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-01 14:15
Modified
2024-11-21 04:55
Severity ?
Summary
TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2020/Apr/5 | Exploit, Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2020/Mar/54 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2020/Apr/5 | Exploit, Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2020/Mar/54 | Exploit, Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | nc450_firmware | 1.1.1 | |
| tp-link | nc450_firmware | 1.1.2 | |
| tp-link | nc450_firmware | 1.1.6 | |
| tp-link | nc450_firmware | 1.5.0 | |
| tp-link | nc450 | - | |
| tp-link | nc260_firmware | 1.0.5 | |
| tp-link | nc260_firmware | 1.0.6 | |
| tp-link | nc260_firmware | 1.5.1 | |
| tp-link | nc260 | - | |
| tp-link | nc250_firmware | 1.3.0 | |
| tp-link | nc250 | - | |
| tp-link | nc230_firmware | 1.3.0 | |
| tp-link | nc230 | - | |
| tp-link | nc220_firmware | 1.1.12 | |
| tp-link | nc220_firmware | 1.1.12 | |
| tp-link | nc220_firmware | 1.1.14 | |
| tp-link | nc220_firmware | 1.2.0 | |
| tp-link | nc220_firmware | 1.3.0 | |
| tp-link | nc220 | - | |
| tp-link | nc210_firmware | 1.0.9 | |
| tp-link | nc210 | - | |
| tp-link | nc200_firmware | 2.1.6 | |
| tp-link | nc200_firmware | 2.1.6 | |
| tp-link | nc200_firmware | 2.1.7 | |
| tp-link | nc200_firmware | 2.1.7 | |
| tp-link | nc200_firmware | 2.1.8 | |
| tp-link | nc200 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc450_firmware:1.1.1:160928:*:*:*:*:*:*", matchCriteriaId: "B5B6BC22-788F-42F1-A8D9-35CC1785F404", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc450_firmware:1.1.2:161013:*:*:*:*:*:*", matchCriteriaId: "72C02D43-51C5-480B-8957-99C9202E87DC", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc450_firmware:1.1.6:161124:*:*:*:*:*:*", matchCriteriaId: "10DFDA3B-3612-4BF4-B4B7-855FC19C84FC", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc450_firmware:1.5.0:181022:*:*:*:*:*:*", matchCriteriaId: "C64558B8-45D8-4FC2-8B91-1ED8CBB2A7EE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc450:-:*:*:*:*:*:*:*", matchCriteriaId: "71C122A0-FEC3-4482-A55D-09FA03A47F56", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc260_firmware:1.0.5:160804:*:*:*:*:*:*", matchCriteriaId: "B4227D23-DF7F-484C-8508-341ED2744B52", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc260_firmware:1.0.6:161114:*:*:*:*:*:*", matchCriteriaId: "2E7D5E76-892D-46B1-BD46-BD34E0CDFC22", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc260_firmware:1.5.1:190805:*:*:*:*:*:*", matchCriteriaId: "F2429A7C-6BD0-4A7A-9A65-B21073E0DAF3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc260:-:*:*:*:*:*:*:*", matchCriteriaId: "0F82284F-1244-45BC-9F38-956219905C97", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc250_firmware:1.3.0:171205:*:*:*:*:*:*", matchCriteriaId: "36FBEC70-97B8-4475-A490-42D22F282E28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc250:-:*:*:*:*:*:*:*", matchCriteriaId: "3C6A3B4E-F357-4E9F-A799-E58E0D593F19", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc230_firmware:1.3.0:171205:*:*:*:*:*:*", matchCriteriaId: "AACC8ACA-F69A-4C45-AD18-693C29365050", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc230:-:*:*:*:*:*:*:*", matchCriteriaId: "3EDB6A57-0D56-43D2-8D36-EC841D9A7FED", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc220_firmware:1.1.12:160321_a:*:*:*:*:*:*", matchCriteriaId: "F6D9115C-95B5-4C2A-B0DB-088FA17E065D", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc220_firmware:1.1.12:160321_b:*:*:*:*:*:*", matchCriteriaId: "15F11009-27B3-489D-B967-1EDE839371CD", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc220_firmware:1.1.14:161219:*:*:*:*:*:*", matchCriteriaId: "A30AB76B-F4C0-4D38-A8B4-BBE38A86B8C4", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc220_firmware:1.2.0:170516:*:*:*:*:*:*", matchCriteriaId: "456A7C77-6DDF-40E0-A972-669EDFB5D82F", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc220_firmware:1.3.0:180105:*:*:*:*:*:*", matchCriteriaId: "5C11C3AF-540C-4DAF-BF69-96C394D4B43F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc220:-:*:*:*:*:*:*:*", matchCriteriaId: "09A89384-FA35-492D-B25D-434A049D3A13", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc210_firmware:1.0.9:171214:*:*:*:*:*:*", matchCriteriaId: "FB0CCCA4-9023-48FA-B8E7-178DDE664D5D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc210:-:*:*:*:*:*:*:*", matchCriteriaId: "32E1DC59-F58C-4FB4-A3C0-9A4F8290F8E8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:nc200_firmware:2.1.6:160108_a:*:*:*:*:*:*", matchCriteriaId: "7AB44906-3ED9-40E3-BD20-7749CE33B8D2", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc200_firmware:2.1.6:160108_b:*:*:*:*:*:*", matchCriteriaId: "C49E1583-39DF-4BFB-BB80-F9F2118DECB8", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc200_firmware:2.1.7:160315_a:*:*:*:*:*:*", matchCriteriaId: "5DDAB527-222A-4742-A630-414AA03FACFF", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc200_firmware:2.1.7:160315_b:*:*:*:*:*:*", matchCriteriaId: "22397902-2208-4208-89ED-E97B762E3344", vulnerable: true, }, { criteria: "cpe:2.3:o:tp-link:nc200_firmware:2.1.8:171109:*:*:*:*:*:*", matchCriteriaId: "CE2A26F6-53AA-4F2B-80D5-94EA9156C9B6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:nc200:-:*:*:*:*:*:*:*", matchCriteriaId: "1856BF12-5B8B-460C-951D-B48DAEFE93F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.", }, { lang: "es", value: "Los dispositivos TP-Link NC200 versiones hasta 2.1.8_Build_171109, NC210 versiones hasta 1.0.9_Build_171214, NC220 versiones hasta 1.3.0_Build_180105, NC230 versiones hasta 1.3.0_Build_171205, NC250 versiones hasta 1.3.0_Build_171205, NC260 versiones hasta 1.5.1_Build_190805, y NC450 versiones hasta 1.5.0_Build_181022, permiten una Desreferencia del Puntero NULL remota.", }, ], id: "CVE-2020-10231", lastModified: "2024-11-21T04:55:00.940", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-01T14:15:14.727", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Patch", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Apr/5", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Mar/54", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Patch", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Apr/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Mar/54", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2020-11445
Vulnerability from cvelistv5
Published
2020-04-01 03:57
Modified
2024-08-04 11:28
Severity ?
EPSS score ?
Summary
TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cnvd.org.cn/flaw/show/1916613 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:28:13.879Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.cnvd.org.cn/flaw/show/1916613", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-01T03:57:55", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.cnvd.org.cn/flaw/show/1916613", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-11445", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.cnvd.org.cn/flaw/show/1916613", refsource: "MISC", url: "https://www.cnvd.org.cn/flaw/show/1916613", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-11445", datePublished: "2020-04-01T03:57:55", dateReserved: "2020-04-01T00:00:00", dateUpdated: "2024-08-04T11:28:13.879Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-12109
Vulnerability from cvelistv5
Published
2020-05-04 15:06
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tp-link.com/us/security | x_refsource_MISC | |
| https://seclists.org/fulldisclosure/2020/May/2 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/157531/TP-LINK-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/159222/TP-Link-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:48:58.374Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.tp-link.com/us/security", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://seclists.org/fulldisclosure/2020/May/2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/157531/TP-LINK-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/159222/TP-Link-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-18T18:06:14", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.tp-link.com/us/security", }, { tags: [ "x_refsource_MISC", ], url: "https://seclists.org/fulldisclosure/2020/May/2", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/157531/TP-LINK-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/159222/TP-Link-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-12109", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.tp-link.com/us/security", refsource: "MISC", url: "https://www.tp-link.com/us/security", }, { name: "https://seclists.org/fulldisclosure/2020/May/2", refsource: "MISC", url: "https://seclists.org/fulldisclosure/2020/May/2", }, { name: "http://packetstormsecurity.com/files/157531/TP-LINK-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/157531/TP-LINK-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html", }, { name: "http://packetstormsecurity.com/files/159222/TP-Link-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/159222/TP-Link-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-12109", datePublished: "2020-05-04T15:06:51", dateReserved: "2020-04-23T00:00:00", dateUpdated: "2024-08-04T11:48:58.374Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-12110
Vulnerability from cvelistv5
Published
2020-05-04 13:49
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.
References
| ▼ | URL | Tags |
|---|---|---|
| https://seclists.org/fulldisclosure/2020/May/3 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/157532/TP-LINK-Cloud-Cameras-NCXXX-Hardcoded-Encryption-Key.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:48:58.277Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://seclists.org/fulldisclosure/2020/May/3", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/157532/TP-LINK-Cloud-Cameras-NCXXX-Hardcoded-Encryption-Key.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2020-04-29T00:00:00", descriptions: [ { lang: "en", value: "Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-04T18:06:17", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://seclists.org/fulldisclosure/2020/May/3", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/157532/TP-LINK-Cloud-Cameras-NCXXX-Hardcoded-Encryption-Key.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-12110", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://seclists.org/fulldisclosure/2020/May/3", refsource: "MISC", url: "https://seclists.org/fulldisclosure/2020/May/3", }, { name: "http://packetstormsecurity.com/files/157532/TP-LINK-Cloud-Cameras-NCXXX-Hardcoded-Encryption-Key.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/157532/TP-LINK-Cloud-Cameras-NCXXX-Hardcoded-Encryption-Key.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-12110", datePublished: "2020-05-04T13:49:45", dateReserved: "2020-04-23T00:00:00", dateUpdated: "2024-08-04T11:48:58.277Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-10231
Vulnerability from cvelistv5
Published
2020-04-01 13:57
Modified
2024-08-04 10:58
Severity ?
EPSS score ?
Summary
TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2020/Mar/54 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2020/Apr/5 | mailing-list, x_refsource_FULLDISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T10:58:39.717Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2020/Mar/54", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html", }, { name: "20200410 Re: TP-LINK Cloud Cameras NCXXX Remote NULL Pointer Dereference", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2020/Apr/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2020-03-29T00:00:00", descriptions: [ { lang: "en", value: "TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-10T19:06:05", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://seclists.org/fulldisclosure/2020/Mar/54", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html", }, { name: "20200410 Re: TP-LINK Cloud Cameras NCXXX Remote NULL Pointer Dereference", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2020/Apr/5", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-10231", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://seclists.org/fulldisclosure/2020/Mar/54", refsource: "MISC", url: "http://seclists.org/fulldisclosure/2020/Mar/54", }, { name: "http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html", }, { name: "20200410 Re: TP-LINK Cloud Cameras NCXXX Remote NULL Pointer Dereference", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2020/Apr/5", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-10231", datePublished: "2020-04-01T13:57:21", dateReserved: "2020-03-08T00:00:00", dateUpdated: "2024-08-04T10:58:39.717Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13224
Vulnerability from cvelistv5
Published
2020-06-17 12:13
Modified
2024-08-04 12:11
Severity ?
EPSS score ?
Summary
TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tp-link.com/us/security | x_refsource_MISC | |
| http://packetstormsecurity.com/files/158115/TP-LINK-Cloud-Cameras-NCXXX-Stack-Overflow.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:11:19.437Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.tp-link.com/us/security", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/158115/TP-LINK-Cloud-Cameras-NCXXX-Stack-Overflow.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-17T12:13:36", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.tp-link.com/us/security", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/158115/TP-LINK-Cloud-Cameras-NCXXX-Stack-Overflow.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13224", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.tp-link.com/us/security", refsource: "MISC", url: "https://www.tp-link.com/us/security", }, { name: "http://packetstormsecurity.com/files/158115/TP-LINK-Cloud-Cameras-NCXXX-Stack-Overflow.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/158115/TP-LINK-Cloud-Cameras-NCXXX-Stack-Overflow.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13224", datePublished: "2020-06-17T12:13:36", dateReserved: "2020-05-20T00:00:00", dateUpdated: "2024-08-04T12:11:19.437Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }