CVE-2020-12111

Опубликовано: 04 мая 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

Certain TP-Link devices allow Command Injection. This affects NC260 1.5.2 build 200304 and NC450 1.5.3 build 200304.

Ссылки

http://packetstormsecurity.com/files/157533/TP-LINK-Cloud-Cameras-NCXXX-SetEncryptKey-Command-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://seclists.org/fulldisclosure/2020/May/4
Exploit
Mailing List
Third Party Advisory
https://www.tp-link.com/us/security
Vendor Advisory
http://packetstormsecurity.com/files/157533/TP-LINK-Cloud-Cameras-NCXXX-SetEncryptKey-Command-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://seclists.org/fulldisclosure/2020/May/4
Exploit
Mailing List
Third Party Advisory
https://www.tp-link.com/us/security
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:tp-link:nc260_firmware:1.0.5:160804:*:*:*:*:*:*

cpe:2.3:o:tp-link:nc260_firmware:1.0.6:161114:*:*:*:*:*:*

cpe:2.3:o:tp-link:nc260_firmware:1.4.1:180720:*:*:*:*:*:*

cpe:2.3:o:tp-link:nc260_firmware:1.5.0:181123:*:*:*:*:*:*

cpe:2.3:o:tp-link:nc260_firmware:1.5.2:200304:*:*:*:*:*:*

cpe:2.3:h:tp-link:nc260:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

Одно из

cpe:2.3:o:tp-link:nc450_firmware:1.0.15:160920:*:*:*:*:*:*

cpe:2.3:o:tp-link:nc450_firmware:1.1.2:161013:*:*:*:*:*:*

cpe:2.3:o:tp-link:nc450_firmware:1.3.4:171130:*:*:*:*:*:*

cpe:2.3:o:tp-link:nc450_firmware:1.5.3:200304:*:*:*:*:*:*

cpe:2.3:h:tp-link:nc450:-:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04509

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-872h-q5p9-28x7

github

больше 3 лет назад