Published: 04/05/2020 Updated: 12/05/2020

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Certain TP-Link devices allow Command Injection. This affects NC260 1.5.2 build 200304 and NC450 1.5.3 build 200304.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tp-link nc260 firmware 1.0.5
tp-link nc260 firmware 1.0.6
tp-link nc260 firmware 1.4.1
tp-link nc260 firmware 1.5.0
tp-link nc260 firmware 1.5.2
tp-link nc450 firmware 1.0.15
tp-link nc450 firmware 1.1.2
tp-link nc450 firmware 1.3.4
tp-link nc450 firmware 1.5.3

TP-LINK Cloud Cameras including products NC260 and NC450 suffer from a command injection vulnerability The issue is located in the httpSetEncryptKeyRpm method (handler for /setEncryptKeyfcgi) of the ipcamera binary, where the user-controlled EncryptKey parameter is used directly as part of a command line to be executed as root without any input s ...

Vulnerability title: TP-LINK Cloud Cameras NCXXX SetEncryptKey Command Injection Author: Pietro Oliva CVE: CVE-2020-12111 Vendor: TP-LINK Product: NC260, NC450 Affected version: NC260 <= 152 build 200304, NC450 <= 153 build 200304 Fixed version: NC260 <= 153 build_200401, NC450 <= 154 build 200401 Description: The issue is l ...

CWE-78 https://seclists.org/fulldisclosure/2020/May/4 https://www.tp-link.com/us/security http://packetstormsecurity.com/files/157533/TP-LINK-Cloud-Cameras-NCXXX-SetEncryptKey-Command-Injection.html https://nvd.nist.gov http://seclists.org/fulldisclosure/2020/May/4

CVE-2020-12111

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect