var-202006-0114
Vulnerability from variot
TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow. plural TP-LINK Product Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TP-Link NC200, etc. are all a network camera of TP-Link company in China.
There are buffer overflow vulnerabilities in many TP-LINK products. Attackers can use this vulnerability to cause the ipcamera process to crash or execute arbitrary code with root privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-0114",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nc220",
"scope": "lte",
"trust": 1.0,
"vendor": "tp link",
"version": "1.3.1"
},
{
"model": "nc250",
"scope": "lte",
"trust": 1.0,
"vendor": "tp link",
"version": "1.3.1"
},
{
"model": "nc200",
"scope": "lte",
"trust": 1.0,
"vendor": "tp link",
"version": "2.1.10"
},
{
"model": "nc230",
"scope": "lte",
"trust": 1.0,
"vendor": "tp link",
"version": "1.3.1"
},
{
"model": "nc450",
"scope": "lte",
"trust": 1.0,
"vendor": "tp link",
"version": "1.5.4"
},
{
"model": "nc260",
"scope": "lte",
"trust": 1.0,
"vendor": "tp link",
"version": "1.5.3"
},
{
"model": "nc210",
"scope": "lte",
"trust": 1.0,
"vendor": "tp link",
"version": "1.0.10"
},
{
"model": "nc200",
"scope": "eq",
"trust": 0.8,
"vendor": "tp link",
"version": "2.1.10 build 200401"
},
{
"model": "nc210",
"scope": "eq",
"trust": 0.8,
"vendor": "tp link",
"version": "1.0.10 build 200401"
},
{
"model": "nc220",
"scope": "eq",
"trust": 0.8,
"vendor": "tp link",
"version": "1.3.1 build 200401"
},
{
"model": "nc230",
"scope": "eq",
"trust": 0.8,
"vendor": "tp link",
"version": "1.3.1 build 200401"
},
{
"model": "nc250",
"scope": "eq",
"trust": 0.8,
"vendor": "tp link",
"version": "1.3.1 build 200401"
},
{
"model": "nc260",
"scope": "eq",
"trust": 0.8,
"vendor": "tp link",
"version": "1.5.3 build_200401"
},
{
"model": "nc450",
"scope": "eq",
"trust": 0.8,
"vendor": "tp link",
"version": "1.5.4 build 200401"
},
{
"model": "tp-link nc200 build",
"scope": "lte",
"trust": 0.6,
"vendor": "tp link",
"version": "\u003c=2.1.10200401"
},
{
"model": "tp-link nc210 build",
"scope": "lte",
"trust": 0.6,
"vendor": "tp link",
"version": "\u003c=1.0.10200401"
},
{
"model": "tp-link nc220 build",
"scope": "lte",
"trust": 0.6,
"vendor": "tp link",
"version": "\u003c=1.3.1200401"
},
{
"model": "tp-link nc230 build",
"scope": "lte",
"trust": 0.6,
"vendor": "tp link",
"version": "\u003c=1.3.1200401"
},
{
"model": "tp-link nc250 build",
"scope": "lte",
"trust": 0.6,
"vendor": "tp link",
"version": "\u003c=1.3.1200401"
},
{
"model": "tp-link nc260 build 200401",
"scope": "lte",
"trust": 0.6,
"vendor": "tp link",
"version": "\u003c=1.5.3"
},
{
"model": "tp-link nc450 build",
"scope": "lte",
"trust": 0.6,
"vendor": "tp link",
"version": "\u003c=1.5.4200401"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-20272"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006943"
},
{
"db": "NVD",
"id": "CVE-2020-13224"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:tp-link:nc200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tp-link:nc210_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tp-link:nc220_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tp-link:nc230_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tp-link:nc250_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tp-link:nc260_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tp-link:nc450_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006943"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pietro Oliva",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1096"
}
],
"trust": 0.6
},
"cve": "CVE-2020-13224",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-13224",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-006943",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2021-20272",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-13224",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006943",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-13224",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006943",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-20272",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1096",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-20272"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006943"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1096"
},
{
"db": "NVD",
"id": "CVE-2020-13224"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow. plural TP-LINK Product Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TP-Link NC200, etc. are all a network camera of TP-Link company in China. \n\r\n\r\nThere are buffer overflow vulnerabilities in many TP-LINK products. Attackers can use this vulnerability to cause the ipcamera process to crash or execute arbitrary code with root privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-13224"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006943"
},
{
"db": "CNVD",
"id": "CNVD-2021-20272"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-13224",
"trust": 3.0
},
{
"db": "PACKETSTORM",
"id": "158115",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006943",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-20272",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47341",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1096",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-20272"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006943"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1096"
},
{
"db": "NVD",
"id": "CVE-2020-13224"
}
]
},
"id": "VAR-202006-0114",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-20272"
}
],
"trust": 1.505448715
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-20272"
}
]
},
"last_update_date": "2024-11-23T23:01:22.421000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory",
"trust": 0.8,
"url": "https://www.tp-link.com/us/security"
},
{
"title": "Patches for buffer overflow vulnerabilities in many TP-Link products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/253696"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-20272"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006943"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006943"
},
{
"db": "NVD",
"id": "CVE-2020-13224"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://packetstormsecurity.com/files/158115/tp-link-cloud-cameras-ncxxx-stack-overflow.html"
},
{
"trust": 1.6,
"url": "https://www.tp-link.com/us/security"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13224"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13224"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47341"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006943"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1096"
},
{
"db": "NVD",
"id": "CVE-2020-13224"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-20272"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006943"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1096"
},
{
"db": "NVD",
"id": "CVE-2020-13224"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-20272"
},
{
"date": "2020-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006943"
},
{
"date": "2020-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1096"
},
{
"date": "2020-06-17T13:15:11.210000",
"db": "NVD",
"id": "CVE-2020-13224"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-20272"
},
{
"date": "2020-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006943"
},
{
"date": "2020-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1096"
},
{
"date": "2024-11-21T05:00:50.047000",
"db": "NVD",
"id": "CVE-2020-13224"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1096"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural TP-LINK Product Classic buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006943"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1096"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…