Published: 04/05/2020 Updated: 20/01/2023

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tp-link nc200 firmware 2.1.6
tp-link nc200 firmware 2.1.9
tp-link nc210 firmware 1.0.3
tp-link nc210 firmware 1.0.4
tp-link nc210 firmware 1.0.9
tp-link nc220 firmware 1.2.0
tp-link nc220 firmware 1.3.0
tp-link nc230 firmware 1.0.3
tp-link nc230 firmware 1.2.1
tp-link nc230 firmware 1.3.0
tp-link nc250 firmware 1.0.8
tp-link nc250 firmware 1.0.10
tp-link nc250 firmware 1.2.1
tp-link nc250 firmware 1.3.0
tp-link nc260 firmware 1.0.5
tp-link nc260 firmware 1.0.6
tp-link nc260 firmware 1.4.1
tp-link nc260 firmware 1.5.0
tp-link nc260 firmware 1.5.2
tp-link nc450 firmware 1.0.15
tp-link nc450 firmware 1.1.2
tp-link nc450 firmware 1.3.4
tp-link nc450 firmware 1.5.3

TP-Link cloud cameras NCXXX series (NC200, NC210, NC220, NC230, NC250, NC260, NC450) are vulnerable to an authenticated command injection vulnerability In all devices except NC210, despite a check on the name length in swSystemSetProductAliasCheck, no other checks are in place in order to prevent shell metacharacters from being introduced The sys ...

TP-LINK Cloud Cameras including products NC200, NC210, NC220, NC230, NC250, NC260, and NC450 suffer from a command injection vulnerability The issue is located in the swSystemSetProductAliasCheck method of the ipcamera binary (Called when setting a new alias for the device via /setsysnamefcgi), where despite a check on the name length, no other c ...

Vulnerability title: TP-LINK Cloud Cameras NCXXX Bonjour Command Injection Author: Pietro Oliva CVE: CVE-2020-12109 Vendor: TP-LINK Product: NC200, NC210, NC220, NC230, NC250, NC260, NC450 Affected version: NC200 <= 219 build 200225, NC210 <= 109 build 200304, NC220 <= 130 build 200304, NC230 <= 130 build 20030 ...

CWE-78 https://seclists.org/fulldisclosure/2020/May/2 https://www.tp-link.com/us/security http://packetstormsecurity.com/files/157531/TP-LINK-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html http://packetstormsecurity.com/files/159222/TP-Link-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html https://nvd.nist.gov http://seclists.org/fulldisclosure/2020/May/2

CVE-2020-12109

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect