exploitDog

GHSA-jg46-gm9c-xj3p

Опубликовано: 06 июн. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 4.6

Описание

The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim.

The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim.

Ссылки

EPSS

Процентиль: 13%

0.00044

Низкий

4.6 Medium

CVSS3

CVE ID

Дефекты

CWE-522

Связанные уязвимости

CVE-2023-27126

CVSS3: 4.6

nvd

больше 2 лет назад

The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim.

BDU:2023-03184

CVSS3: 5.3

fstec

около 3 лет назад

Уязвимость реализации алгоритма шифрования AES микропрограммного обеспечения IP-камер TP-Link Tapo C200, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 13%

0.00044

Низкий

4.6 Medium

CVSS3

CVE ID

Дефекты

CWE-522