CVE-2020-12109

Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
tp-linknc200_firmware
2.1.6:160108_b
tp-linknc200_firmware
2.1.9:200225
tp-linknc210_firmware
1.0.3:160229
tp-linknc210_firmware
1.0.4:160412
tp-linknc210_firmware
1.0.9:200304
tp-linknc220_firmware
1.2.0:170516
tp-linknc220_firmware
1.3.0:180105
tp-linknc220_firmware
1.3.0:200304
tp-linknc230_firmware
1.0.3:160108
tp-linknc230_firmware
1.2.1:170515
tp-linknc230_firmware
1.3.0:200304
tp-linknc250_firmware
1.0.8:160108
tp-linknc250_firmware
1.0.10:160321
tp-linknc250_firmware
1.2.1:170515
tp-linknc250_firmware
1.3.0:200304
tp-linknc260_firmware
1.0.5:160804
tp-linknc260_firmware
1.0.6:161114
tp-linknc260_firmware
1.4.1:180720
tp-linknc260_firmware
1.5.0:181123
tp-linknc260_firmware
1.5.2:200304
tp-linknc450_firmware
1.0.15:160920
tp-linknc450_firmware
1.1.2:161013
tp-linknc450_firmware
1.3.4:171130
tp-linknc450_firmware
1.5.3:200304
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/157531/TP-LINK-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html
http://packetstormsecurity.com/files/159222/TP-Link-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html
https://seclists.org/fulldisclosure/2020/May/2
https://www.tp-link.com/us/security
http://packetstormsecurity.com/files/157531/TP-LINK-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html
http://packetstormsecurity.com/files/159222/TP-Link-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html
https://seclists.org/fulldisclosure/2020/May/2
https://www.tp-link.com/us/security