CVE-2020-12110

Опубликовано: 04 мая 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.

Ссылки

http://packetstormsecurity.com/files/157532/TP-LINK-Cloud-Cameras-NCXXX-Hardcoded-Encryption-Key.html
Exploit
Third Party Advisory
VDB Entry
https://seclists.org/fulldisclosure/2020/May/3
Exploit
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/157532/TP-LINK-Cloud-Cameras-NCXXX-Hardcoded-Encryption-Key.html
Exploit
Third Party Advisory
VDB Entry
https://seclists.org/fulldisclosure/2020/May/3
Exploit
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:tp-link:nc200_firmware:2.1.6:160108_b:*:*:*:*:*:*

cpe:2.3:o:tp-link:nc200_firmware:2.1.9:200225:*:*:*:*:*:*

cpe:2.3:h:tp-link:nc200:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

Одно из

cpe:2.3:o:tp-link:nc210_firmware:1.0.3:160229:*:*:*:*:*:*

cpe:2.3:o:tp-link:nc210_firmware:1.0.4:160412:*:*:*:*:*:*

cpe:2.3:o:tp-link:nc210_firmware:1.0.9:200304:*:*:*:*:*:*

cpe:2.3:h:tp-link:nc210:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

Одно из

cpe:2.3:o:tp-link:nc220_firmware:1.2.0:170516:*:*:*:*:*:*

cpe:2.3:o:tp-link:nc220_firmware:1.3.0:180105:*:*:*:*:*:*

cpe:2.3:o:tp-link:nc220_firmware:1.3.0:200304:*:*:*:*:*:*

cpe:2.3:h:tp-link:nc220:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

Одно из

cpe:2.3:o:tp-link:nc230_firmware:1.0.3:160108:*:*:*:*:*:*

cpe:2.3:o:tp-link:nc230_firmware:1.2.1:170515:*:*:*:*:*:*

cpe:2.3:o:tp-link:nc230_firmware:1.3.0:200304:*:*:*:*:*:*

cpe:2.3:h:tp-link:nc230:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

Одно из

cpe:2.3:o:tp-link:nc250_firmware:1.0.8:160108:*:*:*:*:*:*

cpe:2.3:o:tp-link:nc250_firmware:1.0.10:160321:*:*:*:*:*:*

cpe:2.3:o:tp-link:nc250_firmware:1.2.1:170515:*:*:*:*:*:*

cpe:2.3:o:tp-link:nc250_firmware:1.3.0:200304:*:*:*:*:*:*

cpe:2.3:h:tp-link:nc250:-:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

Одно из

cpe:2.3:o:tp-link:nc260_firmware:1.0.5:160804:*:*:*:*:*:*

cpe:2.3:o:tp-link:nc260_firmware:1.0.6:161114:*:*:*:*:*:*

cpe:2.3:o:tp-link:nc260_firmware:1.4.1:180720:*:*:*:*:*:*

cpe:2.3:o:tp-link:nc260_firmware:1.5.0:181123:*:*:*:*:*:*

cpe:2.3:o:tp-link:nc260_firmware:1.5.2:200304:*:*:*:*:*:*

cpe:2.3:h:tp-link:nc260:-:*:*:*:*:*:*:*

Конфигурация 7

Одновременно

Одно из

cpe:2.3:o:tp-link:nc450_firmware:1.0.15:160920:*:*:*:*:*:*

cpe:2.3:o:tp-link:nc450_firmware:1.1.2:161013:*:*:*:*:*:*

cpe:2.3:o:tp-link:nc450_firmware:1.3.4:171130:*:*:*:*:*:*

cpe:2.3:o:tp-link:nc450_firmware:1.5.3:200304:*:*:*:*:*:*

cpe:2.3:h:tp-link:nc450:-:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01084

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-pq76-49rr-hg9x

github

больше 3 лет назад

EPSS

Процентиль: 77%

0.01084

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-798