cvelistv5 - cve-2020-10231

cve-2020-10231

Vulnerability from cvelistv5

Published

2020-04-01 13:57

Modified

2024-08-04 10:58

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://seclists.org/fulldisclosure/2020/Apr/5	Exploit, Mailing List, Patch, Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2020/Mar/54	Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2020/Apr/5	Exploit, Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2020/Mar/54	Exploit, Mailing List, Third Party Advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T10:58:39.717Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2020/Mar/54",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html",
               },
               {
                  name: "20200410 Re: TP-LINK Cloud Cameras NCXXX Remote NULL Pointer Dereference",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2020/Apr/5",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2020-03-29T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-04-10T19:06:05",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://seclists.org/fulldisclosure/2020/Mar/54",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html",
            },
            {
               name: "20200410 Re: TP-LINK Cloud Cameras NCXXX Remote NULL Pointer Dereference",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2020/Apr/5",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-10231",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://seclists.org/fulldisclosure/2020/Mar/54",
                     refsource: "MISC",
                     url: "http://seclists.org/fulldisclosure/2020/Mar/54",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html",
                  },
                  {
                     name: "20200410 Re: TP-LINK Cloud Cameras NCXXX Remote NULL Pointer Dereference",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2020/Apr/5",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-10231",
      datePublished: "2020-04-01T13:57:21",
      dateReserved: "2020-03-08T00:00:00",
      dateUpdated: "2024-08-04T10:58:39.717Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2020-10231\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-04-01T14:15:14.727\",\"lastModified\":\"2024-11-21T04:55:00.940\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.\"},{\"lang\":\"es\",\"value\":\"Los dispositivos TP-Link NC200 versiones hasta 2.1.8_Build_171109, NC210 versiones hasta 1.0.9_Build_171214, NC220 versiones hasta 1.3.0_Build_180105, NC230 versiones hasta 1.3.0_Build_171205, NC250 versiones hasta 1.3.0_Build_171205, NC260 versiones hasta 1.5.1_Build_190805, y NC450 versiones hasta 1.5.0_Build_181022, permiten una Desreferencia del Puntero NULL remota.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:nc450_firmware:1.1.1:160928:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5B6BC22-788F-42F1-A8D9-35CC1785F404\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:nc450_firmware:1.1.2:161013:*:*:*:*:*:*\",\"matchCriteriaId\":\"72C02D43-51C5-480B-8957-99C9202E87DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:nc450_firmware:1.1.6:161124:*:*:*:*:*:*\",\"matchCriteriaId\":\"10DFDA3B-3612-4BF4-B4B7-855FC19C84FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:nc450_firmware:1.5.0:181022:*:*:*:*:*:*\",\"matchCriteriaId\":\"C64558B8-45D8-4FC2-8B91-1ED8CBB2A7EE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tp-link:nc450:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71C122A0-FEC3-4482-A55D-09FA03A47F56\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:nc260_firmware:1.0.5:160804:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4227D23-DF7F-484C-8508-341ED2744B52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:nc260_firmware:1.0.6:161114:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E7D5E76-892D-46B1-BD46-BD34E0CDFC22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:nc260_firmware:1.5.1:190805:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2429A7C-6BD0-4A7A-9A65-B21073E0DAF3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tp-link:nc260:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F82284F-1244-45BC-9F38-956219905C97\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:nc250_firmware:1.3.0:171205:*:*:*:*:*:*\",\"matchCriteriaId\":\"36FBEC70-97B8-4475-A490-42D22F282E28\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tp-link:nc250:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C6A3B4E-F357-4E9F-A799-E58E0D593F19\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:nc230_firmware:1.3.0:171205:*:*:*:*:*:*\",\"matchCriteriaId\":\"AACC8ACA-F69A-4C45-AD18-693C29365050\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tp-link:nc230:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EDB6A57-0D56-43D2-8D36-EC841D9A7FED\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:nc220_firmware:1.1.12:160321_a:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6D9115C-95B5-4C2A-B0DB-088FA17E065D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:nc220_firmware:1.1.12:160321_b:*:*:*:*:*:*\",\"matchCriteriaId\":\"15F11009-27B3-489D-B967-1EDE839371CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:nc220_firmware:1.1.14:161219:*:*:*:*:*:*\",\"matchCriteriaId\":\"A30AB76B-F4C0-4D38-A8B4-BBE38A86B8C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:nc220_firmware:1.2.0:170516:*:*:*:*:*:*\",\"matchCriteriaId\":\"456A7C77-6DDF-40E0-A972-669EDFB5D82F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:nc220_firmware:1.3.0:180105:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C11C3AF-540C-4DAF-BF69-96C394D4B43F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tp-link:nc220:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09A89384-FA35-492D-B25D-434A049D3A13\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:nc210_firmware:1.0.9:171214:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB0CCCA4-9023-48FA-B8E7-178DDE664D5D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tp-link:nc210:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32E1DC59-F58C-4FB4-A3C0-9A4F8290F8E8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:nc200_firmware:2.1.6:160108_a:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AB44906-3ED9-40E3-BD20-7749CE33B8D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:nc200_firmware:2.1.6:160108_b:*:*:*:*:*:*\",\"matchCriteriaId\":\"C49E1583-39DF-4BFB-BB80-F9F2118DECB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:nc200_firmware:2.1.7:160315_a:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DDAB527-222A-4742-A630-414AA03FACFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:nc200_firmware:2.1.7:160315_b:*:*:*:*:*:*\",\"matchCriteriaId\":\"22397902-2208-4208-89ED-E97B762E3344\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:nc200_firmware:2.1.8:171109:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE2A26F6-53AA-4F2B-80D5-94EA9156C9B6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tp-link:nc200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1856BF12-5B8B-460C-951D-B48DAEFE93F8\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2020/Apr/5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2020/Mar/54\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2020/Apr/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2020/Mar/54\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]}]}}",
   },
}

fkie_cve-2020-10231

Vulnerability from fkie_nvd

Published

2020-04-01 14:15

Modified

2024-11-21 04:55

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://seclists.org/fulldisclosure/2020/Apr/5	Exploit, Mailing List, Patch, Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2020/Mar/54	Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2020/Apr/5	Exploit, Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2020/Mar/54	Exploit, Mailing List, Third Party Advisory

Impacted products

Vendor	Product	Version
tp-link	nc450_firmware	1.1.1
tp-link	nc450_firmware	1.1.2
tp-link	nc450_firmware	1.1.6
tp-link	nc450_firmware	1.5.0
tp-link	nc450	-
tp-link	nc260_firmware	1.0.5
tp-link	nc260_firmware	1.0.6
tp-link	nc260_firmware	1.5.1
tp-link	nc260	-
tp-link	nc250_firmware	1.3.0
tp-link	nc250	-
tp-link	nc230_firmware	1.3.0
tp-link	nc230	-
tp-link	nc220_firmware	1.1.12
tp-link	nc220_firmware	1.1.12
tp-link	nc220_firmware	1.1.14
tp-link	nc220_firmware	1.2.0
tp-link	nc220_firmware	1.3.0
tp-link	nc220	-
tp-link	nc210_firmware	1.0.9
tp-link	nc210	-
tp-link	nc200_firmware	2.1.6
tp-link	nc200_firmware	2.1.6
tp-link	nc200_firmware	2.1.7
tp-link	nc200_firmware	2.1.7
tp-link	nc200_firmware	2.1.8
tp-link	nc200	-

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:tp-link:nc450_firmware:1.1.1:160928:*:*:*:*:*:*",
                     matchCriteriaId: "B5B6BC22-788F-42F1-A8D9-35CC1785F404",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:tp-link:nc450_firmware:1.1.2:161013:*:*:*:*:*:*",
                     matchCriteriaId: "72C02D43-51C5-480B-8957-99C9202E87DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:tp-link:nc450_firmware:1.1.6:161124:*:*:*:*:*:*",
                     matchCriteriaId: "10DFDA3B-3612-4BF4-B4B7-855FC19C84FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:tp-link:nc450_firmware:1.5.0:181022:*:*:*:*:*:*",
                     matchCriteriaId: "C64558B8-45D8-4FC2-8B91-1ED8CBB2A7EE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:tp-link:nc450:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "71C122A0-FEC3-4482-A55D-09FA03A47F56",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:tp-link:nc260_firmware:1.0.5:160804:*:*:*:*:*:*",
                     matchCriteriaId: "B4227D23-DF7F-484C-8508-341ED2744B52",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:tp-link:nc260_firmware:1.0.6:161114:*:*:*:*:*:*",
                     matchCriteriaId: "2E7D5E76-892D-46B1-BD46-BD34E0CDFC22",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:tp-link:nc260_firmware:1.5.1:190805:*:*:*:*:*:*",
                     matchCriteriaId: "F2429A7C-6BD0-4A7A-9A65-B21073E0DAF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:tp-link:nc260:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F82284F-1244-45BC-9F38-956219905C97",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:tp-link:nc250_firmware:1.3.0:171205:*:*:*:*:*:*",
                     matchCriteriaId: "36FBEC70-97B8-4475-A490-42D22F282E28",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:tp-link:nc250:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C6A3B4E-F357-4E9F-A799-E58E0D593F19",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:tp-link:nc230_firmware:1.3.0:171205:*:*:*:*:*:*",
                     matchCriteriaId: "AACC8ACA-F69A-4C45-AD18-693C29365050",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:tp-link:nc230:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EDB6A57-0D56-43D2-8D36-EC841D9A7FED",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:tp-link:nc220_firmware:1.1.12:160321_a:*:*:*:*:*:*",
                     matchCriteriaId: "F6D9115C-95B5-4C2A-B0DB-088FA17E065D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:tp-link:nc220_firmware:1.1.12:160321_b:*:*:*:*:*:*",
                     matchCriteriaId: "15F11009-27B3-489D-B967-1EDE839371CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:tp-link:nc220_firmware:1.1.14:161219:*:*:*:*:*:*",
                     matchCriteriaId: "A30AB76B-F4C0-4D38-A8B4-BBE38A86B8C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:tp-link:nc220_firmware:1.2.0:170516:*:*:*:*:*:*",
                     matchCriteriaId: "456A7C77-6DDF-40E0-A972-669EDFB5D82F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:tp-link:nc220_firmware:1.3.0:180105:*:*:*:*:*:*",
                     matchCriteriaId: "5C11C3AF-540C-4DAF-BF69-96C394D4B43F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:tp-link:nc220:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "09A89384-FA35-492D-B25D-434A049D3A13",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:tp-link:nc210_firmware:1.0.9:171214:*:*:*:*:*:*",
                     matchCriteriaId: "FB0CCCA4-9023-48FA-B8E7-178DDE664D5D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:tp-link:nc210:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "32E1DC59-F58C-4FB4-A3C0-9A4F8290F8E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:tp-link:nc200_firmware:2.1.6:160108_a:*:*:*:*:*:*",
                     matchCriteriaId: "7AB44906-3ED9-40E3-BD20-7749CE33B8D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:tp-link:nc200_firmware:2.1.6:160108_b:*:*:*:*:*:*",
                     matchCriteriaId: "C49E1583-39DF-4BFB-BB80-F9F2118DECB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:tp-link:nc200_firmware:2.1.7:160315_a:*:*:*:*:*:*",
                     matchCriteriaId: "5DDAB527-222A-4742-A630-414AA03FACFF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:tp-link:nc200_firmware:2.1.7:160315_b:*:*:*:*:*:*",
                     matchCriteriaId: "22397902-2208-4208-89ED-E97B762E3344",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:tp-link:nc200_firmware:2.1.8:171109:*:*:*:*:*:*",
                     matchCriteriaId: "CE2A26F6-53AA-4F2B-80D5-94EA9156C9B6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:tp-link:nc200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1856BF12-5B8B-460C-951D-B48DAEFE93F8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.",
      },
      {
         lang: "es",
         value: "Los dispositivos TP-Link NC200 versiones hasta 2.1.8_Build_171109, NC210 versiones hasta 1.0.9_Build_171214, NC220 versiones hasta 1.3.0_Build_180105, NC230 versiones hasta 1.3.0_Build_171205, NC250 versiones hasta 1.3.0_Build_171205, NC260 versiones hasta 1.5.1_Build_190805, y NC450 versiones hasta 1.5.0_Build_181022, permiten una Desreferencia del Puntero NULL remota.",
      },
   ],
   id: "CVE-2020-10231",
   lastModified: "2024-11-21T04:55:00.940",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-01T14:15:14.727",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2020/Apr/5",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2020/Mar/54",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2020/Apr/5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2020/Mar/54",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-476",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference. plural TP-Link On the device NULL A vulnerability exists regarding pointer dereference.Service operation interruption (DoS) It may be put into a state. Vulnerability title: TP-LINK Cloud Cameras NCXXX Remote NULL Pointer Dereference Author: Pietro Oliva CVE: CVE-2020-10231 Vendor: TP-LINK Product: NC200, NC210, NC220, NC230, NC250, NC260, NC450 Affected version: NC200 <= 2.1.8 build 171109, NC210 <= 1.0.9 build 171214, NC220 <= 1.3.0 build 180105, NC230 <= 1.3.0 build 171205, NC250 <= 1.3.0 build 171205, NC260 <= 1.5.1 build 190805, NC450 <= 1.5.0 build 181022

Description: The issue is located in the httpLoginRpm method of the ipcamera binary (handler method for /login.fcgi), where after successful login, there is no check for NULL in the return value of httpGetEnv(environment, "HTTP_USER_AGENT"). Shortly after that, there is a call to strstr(user_agent_string, "Firefox") and if a User-Agent header is not specified by the client, httpGetEnv will return NULL, and a NULL pointer dereference occurs when calling strstr, with consequent crash of the ipcamera process.

Impact: After the crash, the web interface on port 80 will not be available anymore.

Exploitation: An attacker could exploit this issue by just sending a login request with valid credentials (such as admin or limited user), but without an user-agent HTTP header. Default credentials can be used to bypass the credentials requirement.

Evidence: The disassembly of affected code from an NC200 camera is shown below:

0x0047dca0 lw a0, (user_arg) 0x0047dca4 lw a1, (password_arg) 0x0047dca8 lw t9, -sym.swUMMatchPassword(gp) 0x0047dcac nop 0x0047dcb0 jalr t9 0x0047dcb4 nop 0x0047dcb8 lw gp, (saved_gp) 0x0047dcbc sw v0, (auth_result) 0x0047dcc0 lw v0, (auth_result) 0x0047dcc4 nop 0x0047dcc8 bnez v0, 0x47de34 0x0047dccc nop 0x0047dcd0 sw zero, (arg_54h) 0x0047dcd4 lw a0, (environment) 0x0047dcd8 lw a1, -0x7fe4(gp) 0x0047dcdc nop 0x0047dce0 addiu a1, a1, -0x7cb0 ; "HTTP_USER_AGENT" 0x0047dce4 lw t9, -sym.httpGetEnv(gp) 0x0047dce8 nop 0x0047dcec jalr t9 0x0047dcf0 nop 0x0047dcf4 lw gp, (saved_gp) 0x0047dcf8 sw v0, (user_agent_ptr) 0x0047dcfc lw a0, (user_agent_ptr) ; <== This pointer could be NULL 0x0047dd00 lw a1, -0x7fe4(gp) 0x0047dd04 nop 0x0047dd08 addiu a1, a1, -0x7ca0 ; "Firefox" 0x0047dd0c lw t9, -sym.imp.strstr(gp) 0x0047dd10 nop 0x0047dd14 jalr t9

Disclosure timeline:

2nd December 2019 - Initial vulnerability report for NC200.

4th December 2019 - Vendor confirms vulnerablity but does not start fixing due to the product being end-of-life.

4th December 2019 - Notified vendor the vulnerability details will be public and it should be fixed.

6th December 2019 - Thanks for your opinion, we will discuss and write back to you.

7th February 2020 - Notified vendor issue exists on NC450 and possibly all models in between. Fixed a disclosure deadline in 30 days.

8th February 2020 - Vendor: We will check but please be patient.

18th February 2020 - We failed to reproduce the issue with the provided PoC.

24th February 2020 - Reverse engineered all the firmware images on behalf of the vendor and notified they were all vulnerable.

2nd March 2020 - Vendor asks to check fixes for NC200.

2nd March 2020 - Confirmed fix. Asked the vendor to do the same on all cameras.

3rd March 2020 - Vendor will check on other cameras, but will take some time.

3rd March 2020 - Asked the vendor to be quick.

9th March 2020 - Notified CVE identifier to vendor, gave extra week to patch.

9th March 2020 - Vendor is testing fix on all models.

13th March 2020 - Vendor asks to confirm fixes.

13th March 2020 - Confirmed fixes and asked the vendor to publish updates. Disclosure delayed one week to give some time to patch if the vendor published firmware updates.

29th March 2020 - No updates have been made public by the vendor. Releasing details to the public after almost 4 months from initial notification

Show details on source website

JSON

To clipboard

{
   affected_products: {
      _id: null,
      data: [
         {
            _id: null,
            model: "nc220",
            scope: "eq",
            trust: 1,
            vendor: "tp link",
            version: "1.1.14",
         },
         {
            _id: null,
            model: "nc200",
            scope: "eq",
            trust: 1,
            vendor: "tp link",
            version: "2.1.8",
         },
         {
            _id: null,
            model: "nc220",
            scope: "eq",
            trust: 1,
            vendor: "tp link",
            version: "1.3.0",
         },
         {
            _id: null,
            model: "nc450",
            scope: "eq",
            trust: 1,
            vendor: "tp link",
            version: "1.1.1",
         },
         {
            _id: null,
            model: "nc260",
            scope: "eq",
            trust: 1,
            vendor: "tp link",
            version: "1.0.6",
         },
         {
            _id: null,
            model: "nc260",
            scope: "eq",
            trust: 1,
            vendor: "tp link",
            version: "1.0.5",
         },
         {
            _id: null,
            model: "nc220",
            scope: "eq",
            trust: 1,
            vendor: "tp link",
            version: "1.2.0",
         },
         {
            _id: null,
            model: "nc210",
            scope: "eq",
            trust: 1,
            vendor: "tp link",
            version: "1.0.9",
         },
         {
            _id: null,
            model: "nc250",
            scope: "eq",
            trust: 1,
            vendor: "tp link",
            version: "1.3.0",
         },
         {
            _id: null,
            model: "nc450",
            scope: "eq",
            trust: 1,
            vendor: "tp link",
            version: "1.5.0",
         },
         {
            _id: null,
            model: "nc200",
            scope: "eq",
            trust: 1,
            vendor: "tp link",
            version: "2.1.6",
         },
         {
            _id: null,
            model: "nc450",
            scope: "eq",
            trust: 1,
            vendor: "tp link",
            version: "1.1.2",
         },
         {
            _id: null,
            model: "nc220",
            scope: "eq",
            trust: 1,
            vendor: "tp link",
            version: "1.1.12",
         },
         {
            _id: null,
            model: "nc450",
            scope: "eq",
            trust: 1,
            vendor: "tp link",
            version: "1.1.6",
         },
         {
            _id: null,
            model: "nc260",
            scope: "eq",
            trust: 1,
            vendor: "tp link",
            version: "1.5.1",
         },
         {
            _id: null,
            model: "nc200",
            scope: "eq",
            trust: 1,
            vendor: "tp link",
            version: "2.1.7",
         },
         {
            _id: null,
            model: "nc230",
            scope: "eq",
            trust: 1,
            vendor: "tp link",
            version: "1.3.0",
         },
         {
            _id: null,
            model: "nc200",
            scope: "eq",
            trust: 0.8,
            vendor: "tp link",
            version: "2.1.8_build_171109",
         },
         {
            _id: null,
            model: "nc210",
            scope: "eq",
            trust: 0.8,
            vendor: "tp link",
            version: "1.0.9_build_171214",
         },
         {
            _id: null,
            model: "nc220",
            scope: "eq",
            trust: 0.8,
            vendor: "tp link",
            version: "1.3.0_build_180105",
         },
         {
            _id: null,
            model: "nc230",
            scope: "eq",
            trust: 0.8,
            vendor: "tp link",
            version: "1.3.0_build_171205",
         },
         {
            _id: null,
            model: "nc250",
            scope: "eq",
            trust: 0.8,
            vendor: "tp link",
            version: "1.3.0_build_171205",
         },
         {
            _id: null,
            model: "nc260",
            scope: "eq",
            trust: 0.8,
            vendor: "tp link",
            version: "1.3.0_build_171205",
         },
         {
            _id: null,
            model: "nc450",
            scope: "eq",
            trust: 0.8,
            vendor: "tp link",
            version: "1.5.0_build_181022",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-003917",
         },
         {
            db: "NVD",
            id: "CVE-2020-10231",
         },
      ],
   },
   configurations: {
      _id: null,
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/o:tp-link:nc200_firmware",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/o:tp-link:nc210_firmware",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/o:tp-link:nc220_firmware",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/o:tp-link:nc230_firmware",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/o:tp-link:nc250_firmware",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/o:tp-link:nc260_firmware",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/o:tp-link:nc450_firmware",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-003917",
         },
      ],
   },
   credits: {
      _id: null,
      data: "Pietro Oliva",
      sources: [
         {
            db: "PACKETSTORM",
            id: "157048",
         },
      ],
      trust: 0.1,
   },
   cve: "CVE-2020-10231",
   cvss: {
      _id: null,
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 5,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 10,
                  id: "CVE-2020-10231",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 1,
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 5,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-003917",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 3.9,
                  id: "CVE-2020-10231",
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 7.5,
                  baseSeverity: "High",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-003917",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2020-10231",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "JVNDB-2020-003917",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202004-013",
                  trust: 0.6,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-003917",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-013",
         },
         {
            db: "NVD",
            id: "CVE-2020-10231",
         },
      ],
   },
   description: {
      _id: null,
      data: "TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference. plural TP-Link On the device NULL A vulnerability exists regarding pointer dereference.Service operation interruption (DoS) It may be put into a state. Vulnerability title: TP-LINK Cloud Cameras NCXXX Remote NULL Pointer Dereference\nAuthor: Pietro Oliva\nCVE: CVE-2020-10231\nVendor: TP-LINK\nProduct: NC200, NC210, NC220, NC230, NC250, NC260, NC450\nAffected version: NC200 <= 2.1.8 build 171109, NC210 <= 1.0.9 build 171214,\n                  NC220 <= 1.3.0 build 180105, NC230 <= 1.3.0 build 171205,\n                  NC250 <= 1.3.0 build 171205, NC260 <= 1.5.1 build 190805,\n                  NC450 <= 1.5.0 build 181022\n\nDescription:\nThe issue is located in the httpLoginRpm method of the ipcamera binary (handler\nmethod for /login.fcgi), where after successful login, there is no check for\nNULL in the return value of httpGetEnv(environment, \"HTTP_USER_AGENT\"). Shortly\nafter that, there is a call to strstr(user_agent_string, \"Firefox\") and if a\nUser-Agent header is not specified by the client, httpGetEnv will return NULL,\nand a NULL pointer dereference occurs when calling strstr, with consequent crash\nof the ipcamera process. \n\nImpact:\nAfter the crash, the web interface on port 80 will not be available anymore. \n\nExploitation:\nAn attacker could exploit this issue by just sending a login request with valid\ncredentials (such as admin or limited user), but without an user-agent HTTP\nheader. Default credentials can be used to bypass the credentials requirement. \n\nEvidence:\nThe disassembly of affected code from an NC200 camera is shown below:\n\n0x0047dca0   lw a0, (user_arg)\n0x0047dca4   lw a1, (password_arg)\n0x0047dca8   lw t9, -sym.swUMMatchPassword(gp)\n0x0047dcac   nop\n0x0047dcb0   jalr t9\n0x0047dcb4   nop\n0x0047dcb8   lw gp, (saved_gp)\n0x0047dcbc   sw v0, (auth_result)\n0x0047dcc0   lw v0, (auth_result)\n0x0047dcc4   nop\n0x0047dcc8   bnez v0, 0x47de34\n0x0047dccc   nop\n0x0047dcd0   sw zero, (arg_54h)\n0x0047dcd4   lw a0, (environment)\n0x0047dcd8   lw a1, -0x7fe4(gp)\n0x0047dcdc   nop\n0x0047dce0   addiu a1, a1, -0x7cb0       ; \"HTTP_USER_AGENT\"\n0x0047dce4   lw t9, -sym.httpGetEnv(gp)\n0x0047dce8   nop\n0x0047dcec   jalr t9\n0x0047dcf0   nop\n0x0047dcf4   lw gp, (saved_gp)\n0x0047dcf8   sw v0, (user_agent_ptr)\n0x0047dcfc   lw a0, (user_agent_ptr)     ; <== This pointer could be NULL\n0x0047dd00   lw a1, -0x7fe4(gp)\n0x0047dd04   nop\n0x0047dd08   addiu a1, a1, -0x7ca0       ; \"Firefox\"\n0x0047dd0c   lw t9, -sym.imp.strstr(gp)\n0x0047dd10   nop\n0x0047dd14   jalr t9\n\n\nDisclosure timeline:\n\n2nd December 2019 - Initial vulnerability report for NC200. \n\n4th December 2019 - Vendor confirms vulnerablity but does not start fixing\n                    due to the product being end-of-life. \n\n4th December 2019 - Notified vendor the vulnerability details will be public\n                    and it should be fixed. \n\n6th December 2019 - Thanks for your opinion, we will discuss and write back\n                    to you. \n\n<silence>\n\n7th February 2020 - Notified vendor issue exists on NC450 and possibly all\n                    models in between. Fixed a disclosure deadline in 30 days. \n\n8th February 2020 - Vendor: We will check but please be patient. \n\n18th February 2020 - We failed to reproduce the issue with the provided PoC. \n\n<trying to troubleshoot>\n\n24th February 2020 - Reverse engineered all the firmware images on behalf of\n                     the vendor and notified they were all vulnerable. \n\n2nd March 2020 - Vendor asks to check fixes for NC200. \n\n2nd March 2020 - Confirmed fix. Asked the vendor to do the same on all cameras. \n\n3rd March 2020 - Vendor will check on other cameras, but will take some time. \n\n3rd March 2020 - Asked the vendor to be quick. \n\n9th March 2020 - Notified CVE identifier to vendor, gave extra week to patch. \n\n9th March 2020 - Vendor is testing fix on all models. \n\n13th March 2020 - Vendor asks to confirm fixes. \n\n13th March 2020 - Confirmed fixes and asked the vendor to publish updates. \n                  Disclosure delayed one week to give some time to patch if\n                  the vendor published firmware updates. \n\n29th March 2020 - No updates have been made public by the vendor. Releasing\n                  details to the public after almost 4 months from initial\n                  notification",
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-10231",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-003917",
         },
         {
            db: "PACKETSTORM",
            id: "157048",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      _id: null,
      data: [
         {
            db: "PACKETSTORM",
            id: "157048",
            trust: 2.5,
         },
         {
            db: "NVD",
            id: "CVE-2020-10231",
            trust: 2.5,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-003917",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-013",
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-003917",
         },
         {
            db: "PACKETSTORM",
            id: "157048",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-013",
         },
         {
            db: "NVD",
            id: "CVE-2020-10231",
         },
      ],
   },
   id: "VAR-202004-0373",
   iot: {
      _id: null,
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.41025642,
   },
   last_update_date: "2024-11-23T22:29:40.451000Z",
   patch: {
      _id: null,
      data: [
         {
            title: "Top Page",
            trust: 0.8,
            url: "https://www.tp-link.com.cn/",
         },
         {
            title: "Multiple TP-Link Product code issue vulnerability fixes",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117071",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-003917",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-013",
         },
      ],
   },
   problemtype_data: {
      _id: null,
      data: [
         {
            problemtype: "CWE-476",
            trust: 1.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-003917",
         },
         {
            db: "NVD",
            id: "CVE-2020-10231",
         },
      ],
   },
   references: {
      _id: null,
      data: [
         {
            trust: 3,
            url: "http://packetstormsecurity.com/files/157048/tp-link-cloud-cameras-ncxxx-remote-null-pointer-dereference.html",
         },
         {
            trust: 1.6,
            url: "http://seclists.org/fulldisclosure/2020/mar/54",
         },
         {
            trust: 1.6,
            url: "http://seclists.org/fulldisclosure/2020/apr/5",
         },
         {
            trust: 1.5,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-10231",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10231",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-003917",
         },
         {
            db: "PACKETSTORM",
            id: "157048",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-013",
         },
         {
            db: "NVD",
            id: "CVE-2020-10231",
         },
      ],
   },
   sources: {
      _id: null,
      data: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-003917",
            ident: null,
         },
         {
            db: "PACKETSTORM",
            id: "157048",
            ident: null,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-013",
            ident: null,
         },
         {
            db: "NVD",
            id: "CVE-2020-10231",
            ident: null,
         },
      ],
   },
   sources_release_date: {
      _id: null,
      data: [
         {
            date: "2020-04-30T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-003917",
            ident: null,
         },
         {
            date: "2020-04-01T15:24:43",
            db: "PACKETSTORM",
            id: "157048",
            ident: null,
         },
         {
            date: "2020-04-01T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202004-013",
            ident: null,
         },
         {
            date: "2020-04-01T14:15:14.727000",
            db: "NVD",
            id: "CVE-2020-10231",
            ident: null,
         },
      ],
   },
   sources_update_date: {
      _id: null,
      data: [
         {
            date: "2020-04-30T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-003917",
            ident: null,
         },
         {
            date: "2022-07-01T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202004-013",
            ident: null,
         },
         {
            date: "2024-11-21T04:55:00.940000",
            db: "NVD",
            id: "CVE-2020-10231",
            ident: null,
         },
      ],
   },
   threat_type: {
      _id: null,
      data: "remote",
      sources: [
         {
            db: "PACKETSTORM",
            id: "157048",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-013",
         },
      ],
      trust: 0.7,
   },
   title: {
      _id: null,
      data: "plural  TP-Link On the device  NULL Pointer dereference vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-003917",
         },
      ],
      trust: 0.8,
   },
   type: {
      _id: null,
      data: "code problem",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202004-013",
         },
      ],
      trust: 0.6,
   },
}

gsd-2020-10231

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2020-10231

Aliases

CVE-2020-10231

JSON

To clipboard

{
   GSD: {
      alias: "CVE-2020-10231",
      description: "TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.",
      id: "GSD-2020-10231",
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2020-10231",
         ],
         details: "TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.",
         id: "GSD-2020-10231",
         modified: "2023-12-13T01:22:04.453320Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "cve@mitre.org",
            ID: "CVE-2020-10231",
            STATE: "PUBLIC",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "n/a",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "n/a",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "n/a",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.",
               },
            ],
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        lang: "eng",
                        value: "n/a",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "http://seclists.org/fulldisclosure/2020/Mar/54",
                  refsource: "MISC",
                  url: "http://seclists.org/fulldisclosure/2020/Mar/54",
               },
               {
                  name: "http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html",
                  refsource: "MISC",
                  url: "http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html",
               },
               {
                  name: "20200410 Re: TP-LINK Cloud Cameras NCXXX Remote NULL Pointer Dereference",
                  refsource: "FULLDISC",
                  url: "http://seclists.org/fulldisclosure/2020/Apr/5",
               },
            ],
         },
      },
      "nvd.nist.gov": {
         configurations: {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:tp-link:nc450_firmware:1.1.1:160928:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:tp-link:nc450_firmware:1.1.2:161013:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:tp-link:nc450_firmware:1.1.6:161124:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:tp-link:nc450_firmware:1.5.0:181022:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:tp-link:nc450:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:tp-link:nc260_firmware:1.0.5:160804:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:tp-link:nc260_firmware:1.0.6:161114:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:tp-link:nc260_firmware:1.5.1:190805:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:tp-link:nc260:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:tp-link:nc250_firmware:1.3.0:171205:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:tp-link:nc250:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:tp-link:nc230_firmware:1.3.0:171205:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:tp-link:nc230:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:tp-link:nc220_firmware:1.1.12:160321_a:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:tp-link:nc220_firmware:1.1.12:160321_b:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:tp-link:nc220_firmware:1.1.14:161219:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:tp-link:nc220_firmware:1.2.0:170516:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:tp-link:nc220_firmware:1.3.0:180105:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:tp-link:nc220:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:tp-link:nc210_firmware:1.0.9:171214:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:tp-link:nc210:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:tp-link:nc200_firmware:2.1.6:160108_a:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:tp-link:nc200_firmware:2.1.6:160108_b:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:tp-link:nc200_firmware:2.1.7:160315_a:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:tp-link:nc200_firmware:2.1.7:160315_b:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:tp-link:nc200_firmware:2.1.8:171109:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:tp-link:nc200:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
         cve: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-10231",
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "en",
                     value: "TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "en",
                           value: "CWE-476",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://seclists.org/fulldisclosure/2020/Mar/54",
                     refsource: "MISC",
                     tags: [
                        "Exploit",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "http://seclists.org/fulldisclosure/2020/Mar/54",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html",
                     refsource: "MISC",
                     tags: [
                        "Exploit",
                        "Third Party Advisory",
                        "VDB Entry",
                     ],
                     url: "http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html",
                  },
                  {
                     name: "20200410 Re: TP-LINK Cloud Cameras NCXXX Remote NULL Pointer Dereference",
                     refsource: "FULLDISC",
                     tags: [
                        "Exploit",
                        "Mailing List",
                        "Patch",
                        "Third Party Advisory",
                     ],
                     url: "http://seclists.org/fulldisclosure/2020/Apr/5",
                  },
               ],
            },
         },
         impact: {
            baseMetricV2: {
               acInsufInfo: false,
               cvssV2: {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "PARTIAL",
                  baseScore: 5,
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               exploitabilityScore: 10,
               impactScore: 2.9,
               obtainAllPrivilege: false,
               obtainOtherPrivilege: false,
               obtainUserPrivilege: false,
               severity: "MEDIUM",
               userInteractionRequired: false,
            },
            baseMetricV3: {
               cvssV3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               exploitabilityScore: 3.9,
               impactScore: 3.6,
            },
         },
         lastModifiedDate: "2020-05-12T14:09Z",
         publishedDate: "2020-04-01T14:15Z",
      },
   },
}

ghsa-8gw6-qxv5-f8r7

Vulnerability from github

Published

2022-05-24 17:13

Modified

2022-05-24 17:13

Details

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2020-10231",
   ],
   database_specific: {
      cwe_ids: [],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2020-04-01T14:15:00Z",
      severity: "MODERATE",
   },
   details: "TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.",
   id: "GHSA-8gw6-qxv5-f8r7",
   modified: "2022-05-24T17:13:01Z",
   published: "2022-05-24T17:13:01Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10231",
      },
      {
         type: "WEB",
         url: "http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html",
      },
      {
         type: "WEB",
         url: "http://seclists.org/fulldisclosure/2020/Apr/5",
      },
      {
         type: "WEB",
         url: "http://seclists.org/fulldisclosure/2020/Mar/54",
      },
   ],
   schema_version: "1.4.0",
   severity: [],
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2020-10231

Vulnerability from cvelistv5

fkie_cve-2020-10231

Vulnerability from fkie_nvd

var-202004-0373

Vulnerability from variot

gsd-2020-10231

Vulnerability from gsd

ghsa-8gw6-qxv5-f8r7

Vulnerability from github

Tags

Sightings

Nomenclature