CVE-2020-12111

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-12111
Certain TP-Link devices allow Command Injection. This affects NC260 1.5.2 build 200304 and NC450 1.5.3 build 200304.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://packetstormsecurity.com/files/157533/TP-LINK-Cloud-Cameras-NCXXX-SetEncryptKey-Command-Injection.html Exploit Third Party Advisory VDB Entry
https://seclists.org/fulldisclosure/2020/May/4 Exploit Mailing List Third Party Advisory
https://www.tp-link.com/us/security Vendor Advisory
http://packetstormsecurity.com/files/157533/TP-LINK-Cloud-Cameras-NCXXX-SetEncryptKey-Command-Injection.html Exploit Third Party Advisory VDB Entry
https://seclists.org/fulldisclosure/2020/May/4 Exploit Mailing List Third Party Advisory
https://www.tp-link.com/us/security Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:tp-link:nc260_firmware:1.0.5:160804:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc260_firmware:1.0.6:161114:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc260_firmware:1.4.1:180720:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc260_firmware:1.5.0:181123:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc260_firmware:1.5.2:200304:*:*:*:*:*:*
cpe:2.3:h:tp-link:nc260:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:tp-link:nc450_firmware:1.0.15:160920:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc450_firmware:1.1.2:161013:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc450_firmware:1.3.4:171130:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc450_firmware:1.5.3:200304:*:*:*:*:*:*
cpe:2.3:h:tp-link:nc450:-:*:*:*:*:*:*:*
History

21 Nov 2024, 04:59

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/157533/TP-LINK-Cloud-Cameras-NCXXX-SetEncryptKey-Command-Injection.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/157533/TP-LINK-Cloud-Cameras-NCXXX-SetEncryptKey-Command-Injection.html - Exploit, Third Party Advisory, VDB Entry
References () https://seclists.org/fulldisclosure/2020/May/4 - Exploit, Mailing List, Third Party Advisory () https://seclists.org/fulldisclosure/2020/May/4 - Exploit, Mailing List, Third Party Advisory
References () https://www.tp-link.com/us/security - Vendor Advisory () https://www.tp-link.com/us/security - Vendor Advisory
Information

Published : 2020-05-04 15:15

Updated : 2024-11-21 04:59

NVD link : CVE-2020-12111

Mitre link : CVE-2020-12111

CVE.ORG link : CVE-2020-12111

JSON object : View

Products Affected

tp-link

  • nc260
  • nc450
  • nc450_firmware
  • nc260_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')