CVE-2020-12109

Published: 04/05/2020 Updated: 20/01/2023
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 801
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.

Vulnerable Product

tp-link nc200_firmware 2.1.6

tp-link nc200_firmware 2.1.9

tp-link nc210_firmware 1.0.3

tp-link nc210_firmware 1.0.4

tp-link nc210_firmware 1.0.9

tp-link nc220_firmware 1.2.0

tp-link nc220_firmware 1.3.0

tp-link nc230_firmware 1.0.3

tp-link nc230_firmware 1.2.1

tp-link nc230_firmware 1.3.0

tp-link nc250_firmware 1.0.8

tp-link nc250_firmware 1.0.10

tp-link nc250_firmware 1.2.1

tp-link nc250_firmware 1.3.0

tp-link nc260_firmware 1.0.5

tp-link nc260_firmware 1.0.6

tp-link nc260_firmware 1.4.1

tp-link nc260_firmware 1.5.0

tp-link nc260_firmware 1.5.2

tp-link nc450_firmware 1.0.15

tp-link nc450_firmware 1.1.2

tp-link nc450_firmware 1.3.4

tp-link nc450_firmware 1.5.3

Exploits

TP-Link cloud cameras NCXXX series (NC200, NC210, NC220, NC230, NC250, NC260, NC450) are vulnerable to an authenticated command injection vulnerability. In all devices except NC210, despite a check on the name length in swSystemSetProductAliasCheck, no other checks are in place in order to prevent shell metacharacters from being introduced. The sys ...

TP-LINK Cloud Cameras including products NC200, NC210, NC220, NC230, NC250, NC260, and NC450 suffer from a command injection vulnerability. The issue is located in the swSystemSetProductAliasCheck method of the ipcamera binary (called when setting a new alias for the device via /setsysname.fcgi), where despite a check on the name length, no other c ...