Published: 04/05/2020 Updated: 12/05/2020

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Certain TP-Link devices allow Command Injection. This affects NC260 1.5.2 build 200304 and NC450 1.5.3 build 200304.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tp-link nc260_firmware 1.0.5
tp-link nc260_firmware 1.0.6
tp-link nc260_firmware 1.4.1
tp-link nc260_firmware 1.5.0
tp-link nc260_firmware 1.5.2
tp-link nc450_firmware 1.0.15
tp-link nc450_firmware 1.1.2
tp-link nc450_firmware 1.3.4
tp-link nc450_firmware 1.5.3

TP-LINK Cloud Cameras including products NC260 and NC450 suffer from a command injection vulnerability The issue is located in the httpSetEncryptKeyRpm method (handler for /setEncryptKeyfcgi) of the ipcamera binary, where the user-controlled EncryptKey parameter is used directly as part of a command line to be executed as root without any input s ...

CWE-78 https://seclists.org/fulldisclosure/2020/May/4 https://www.tp-link.com/us/security http://packetstormsecurity.com/files/157533/TP-LINK-Cloud-Cameras-NCXXX-SetEncryptKey-Command-Injection.html https://nvd.nist.gov https://packetstormsecurity.com/files/157533/TP-LINK-Cloud-Cameras-NCXXX-SetEncryptKey-Command-Injection.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-12111

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect