var-202005-0329
Vulnerability from variot
Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. plural TP-Link A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TP-Link NC200, etc. are all a network camera of TP-Link company in China.
The swSystemBackup and sym.swSystemRestoreFile methods in many TP-Link products have security vulnerabilities, which are caused by the use of hard-coded encryption keys in the program. Remote attackers can use this vulnerability to obtain sensitive information from backup files. TP-Link NC series Cloud Cameras could allow a remote malicious user to obtain sensitive information, caused by the use of hardcoded encryption key in the swSystemBackup and sym.swSystemRestoreFile methods
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202005-0329", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "nc200", scope: "eq", trust: 1.1, vendor: "tp link", version: "2.1.6", }, { model: "nc200", scope: "eq", trust: 1.1, vendor: "tp link", version: "2.1.9", }, { model: "nc210", scope: "eq", trust: 1.1, vendor: "tp link", version: "1.0.3", }, { model: "nc210", scope: "eq", trust: 1.1, vendor: "tp link", version: "1.0.4", }, { model: "nc210", scope: "eq", trust: 1.1, vendor: "tp link", version: "1.0.9", }, { model: "nc220", scope: "eq", trust: 1.1, vendor: "tp link", version: "1.2.0", }, { model: "nc220", scope: "eq", trust: 1.1, vendor: "tp link", version: "1.3.0", }, { model: "nc230", scope: "eq", trust: 1.1, vendor: "tp link", version: "1.0.3", }, { model: "nc230", scope: "eq", trust: 1.1, vendor: "tp link", version: "1.2.1", }, { model: "nc230", scope: "eq", trust: 1.1, vendor: "tp link", version: "1.3.0", }, { model: "nc250", scope: "eq", trust: 1.1, vendor: "tp link", version: "1.0.8", }, { model: "nc250", scope: "eq", trust: 1.1, vendor: "tp link", version: "1.0.10", }, { model: "nc250", scope: "eq", trust: 1.1, vendor: "tp link", version: "1.2.1", }, { model: "nc250", scope: "eq", trust: 1.1, vendor: "tp link", version: "1.3.0", }, { model: "nc260", scope: "eq", trust: 1.1, vendor: "tp link", version: "1.0.5", }, { model: "nc260", scope: "eq", trust: 1.1, vendor: "tp link", version: "1.0.6", }, { model: "nc260", scope: "eq", trust: 1.1, vendor: "tp link", version: "1.4.1", }, { model: "nc260", scope: "eq", trust: 1.1, vendor: "tp link", version: "1.5.0", }, { model: "nc260", scope: "eq", trust: 1.1, vendor: "tp link", version: "1.5.2", }, { model: "nc450", scope: "eq", trust: 1.1, vendor: "tp link", version: "1.0.15", }, { model: "nc450", scope: "eq", trust: 1.1, vendor: "tp link", version: "1.1.2", }, { model: "nc450", scope: "eq", trust: 1.1, vendor: "tp link", version: "1.3.4", }, { model: "nc450", scope: "eq", trust: 1.1, vendor: "tp link", version: "1.5.3", }, { model: "nc200", scope: "eq", trust: 0.8, vendor: "tp link", version: "2.1.9 build 200225", }, { model: "nc210", scope: "eq", trust: 0.8, vendor: "tp link", version: "1.0.9 build 200304", }, { model: "nc220", scope: "eq", trust: 0.8, vendor: "tp link", version: "1.3.0 build 200304", }, { model: "nc230", scope: "eq", trust: 0.8, vendor: "tp link", version: "1.3.0 build 200304", }, { model: "nc250", scope: "eq", trust: 0.8, vendor: "tp link", version: "1.3.0 build 200304", }, { model: "nc260", scope: "eq", trust: 0.8, vendor: "tp link", version: "1.5.2 build 200304", }, { model: "nc450", scope: "eq", trust: 0.8, vendor: "tp link", version: "1.5.2 build 200304", }, { model: "tp-link nc200 2.1.6:160108 b", scope: null, trust: 0.6, vendor: "tp link", version: null, }, { model: "tp-link nc200", scope: "eq", trust: 0.6, vendor: "tp link", version: "2.1.9:200225", }, { model: "tp-link nc220", scope: "eq", trust: 0.6, vendor: "tp link", version: "1.2.0:170516", }, { model: "tp-link nc220", scope: "eq", trust: 0.6, vendor: "tp link", version: "1.3.0:180105", }, { model: "tp-link nc220", scope: "eq", trust: 0.6, vendor: "tp link", version: "1.3.0:200304", }, { model: "tp-link nc230", scope: "eq", trust: 0.6, vendor: "tp link", version: "1.0.3:160108", }, { model: "tp-link nc230", scope: "eq", trust: 0.6, vendor: "tp link", version: "1.2.1:170515", }, { model: "tp-link nc230", scope: "eq", trust: 0.6, vendor: "tp link", version: "1.3.0:200304", }, { model: "tp-link nc250", scope: "eq", trust: 0.6, vendor: "tp link", version: "1.0.8:160108", }, { model: "tp-link nc250", scope: "eq", trust: 0.6, vendor: "tp link", version: "1.0.10:160321", }, { model: "tp-link nc250", scope: "eq", trust: 0.6, vendor: "tp link", version: "1.2.1:170515", }, { model: "tp-link nc250", scope: "eq", trust: 0.6, vendor: "tp link", version: "1.3.0:200304", }, { model: "tp-link nc260", scope: "eq", trust: 0.6, vendor: "tp link", version: "1.0.5:160804", }, { model: "tp-link nc260", scope: "eq", trust: 0.6, vendor: "tp link", version: "1.0.6:161114", }, { model: "tp-link nc260", scope: "eq", trust: 0.6, vendor: "tp link", version: "1.4.1:180720", }, { model: "tp-link nc260", scope: "eq", trust: 0.6, vendor: "tp link", version: "1.5.0:181123", }, { model: "tp-link nc260", scope: "eq", trust: 0.6, vendor: "tp link", version: "1.5.2:200304", }, { model: "tp-link nc450", scope: "eq", trust: 0.6, vendor: "tp link", version: "1.0.15:160920", }, { model: "tp-link nc450", scope: "eq", trust: 0.6, vendor: "tp link", version: "1.1.2:161013", }, { model: "tp-link nc450", scope: "eq", trust: 0.6, vendor: "tp link", version: "1.3.4:171130", }, { model: "tp-link nc450", scope: "eq", trust: 0.6, vendor: "tp link", version: "1.5.3:200304", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-28010", }, { db: "VULMON", id: "CVE-2020-12110", }, { db: "JVNDB", id: "JVNDB-2020-005193", }, { db: "NVD", id: "CVE-2020-12110", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:tp-link:nc200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:tp-link:nc210_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:tp-link:nc220_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:tp-link:nc230_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:tp-link:nc250_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:tp-link:nc260_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:tp-link:nc450_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-005193", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Pietro Oliva", sources: [ { db: "CNNVD", id: "CNNVD-202005-006", }, ], trust: 0.6, }, cve: "CVE-2020-12110", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2020-12110", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1.1, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-005193", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2021-28010", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2020-12110", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-005193", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2020-12110", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "JVNDB-2020-005193", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2021-28010", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202005-006", trust: 0.6, value: "CRITICAL", }, { author: "VULMON", id: "CVE-2020-12110", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-28010", }, { db: "VULMON", id: "CVE-2020-12110", }, { db: "JVNDB", id: "JVNDB-2020-005193", }, { db: "CNNVD", id: "CNNVD-202005-006", }, { db: "NVD", id: "CVE-2020-12110", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. plural TP-Link A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TP-Link NC200, etc. are all a network camera of TP-Link company in China. \n\r\n\r\nThe swSystemBackup and sym.swSystemRestoreFile methods in many TP-Link products have security vulnerabilities, which are caused by the use of hard-coded encryption keys in the program. Remote attackers can use this vulnerability to obtain sensitive information from backup files. TP-Link NC series Cloud Cameras could allow a remote malicious user to obtain sensitive information, caused by the use of hardcoded encryption key in the swSystemBackup and sym.swSystemRestoreFile methods", sources: [ { db: "NVD", id: "CVE-2020-12110", }, { db: "JVNDB", id: "JVNDB-2020-005193", }, { db: "CNVD", id: "CNVD-2021-28010", }, { db: "VULMON", id: "CVE-2020-12110", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-12110", trust: 3.1, }, { db: "PACKETSTORM", id: "157532", trust: 2.5, }, { db: "JVNDB", id: "JVNDB-2020-005193", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-28010", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202005-006", trust: 0.6, }, { db: "VULMON", id: "CVE-2020-12110", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-28010", }, { db: "VULMON", id: "CVE-2020-12110", }, { db: "JVNDB", id: "JVNDB-2020-005193", }, { db: "CNNVD", id: "CNNVD-202005-006", }, { db: "NVD", id: "CVE-2020-12110", }, ], }, id: "VAR-202005-0329", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-28010", }, ], trust: 1.505448715, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-28010", }, ], }, last_update_date: "2024-11-23T22:48:00.215000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.tp-link.com/en/", }, { title: "Patch for Vulnerabilities in trust management issues of multiple TP-Link products", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/257956", }, { title: "Multiple TP-Link Product security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117960", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-28010", }, { db: "JVNDB", id: "JVNDB-2020-005193", }, { db: "CNNVD", id: "CNNVD-202005-006", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-798", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-005193", }, { db: "NVD", id: "CVE-2020-12110", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 3.2, url: "http://packetstormsecurity.com/files/157532/tp-link-cloud-cameras-ncxxx-hardcoded-encryption-key.html", }, { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-12110", }, { trust: 1.7, url: "https://seclists.org/fulldisclosure/2020/may/3", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12110", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/798.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/181258", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-28010", }, { db: "VULMON", id: "CVE-2020-12110", }, { db: "JVNDB", id: "JVNDB-2020-005193", }, { db: "CNNVD", id: "CNNVD-202005-006", }, { db: "NVD", id: "CVE-2020-12110", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-28010", }, { db: "VULMON", id: "CVE-2020-12110", }, { db: "JVNDB", id: "JVNDB-2020-005193", }, { db: "CNNVD", id: "CNNVD-202005-006", }, { db: "NVD", id: "CVE-2020-12110", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-04-14T00:00:00", db: "CNVD", id: "CNVD-2021-28010", }, { date: "2020-05-04T00:00:00", db: "VULMON", id: "CVE-2020-12110", }, { date: "2020-06-09T00:00:00", db: "JVNDB", id: "JVNDB-2020-005193", }, { date: "2020-05-01T00:00:00", db: "CNNVD", id: "CNNVD-202005-006", }, { date: "2020-05-04T14:15:13.277000", db: "NVD", id: "CVE-2020-12110", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-04-14T00:00:00", db: "CNVD", id: "CNVD-2021-28010", }, { date: "2020-05-12T00:00:00", db: "VULMON", id: "CVE-2020-12110", }, { date: "2020-06-09T00:00:00", db: "JVNDB", id: "JVNDB-2020-005193", }, { date: "2020-05-13T00:00:00", db: "CNNVD", id: "CNNVD-202005-006", }, { date: "2024-11-21T04:59:16.057000", db: "NVD", id: "CVE-2020-12110", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202005-006", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural TP-Link Vulnerability in using hard-coded credentials on devices", sources: [ { db: "JVNDB", id: "JVNDB-2020-005193", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "trust management problem", sources: [ { db: "CNNVD", id: "CNNVD-202005-006", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.