CVE-2020-12110

Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
tp-linknc200_firmware
2.1.6:160108_b
tp-linknc200_firmware
2.1.9:200225
tp-linknc210_firmware
1.0.3:160229
tp-linknc210_firmware
1.0.4:160412
tp-linknc210_firmware
1.0.9:200304
tp-linknc220_firmware
1.2.0:170516
tp-linknc220_firmware
1.3.0:180105
tp-linknc220_firmware
1.3.0:200304
tp-linknc230_firmware
1.0.3:160108
tp-linknc230_firmware
1.2.1:170515
tp-linknc230_firmware
1.3.0:200304
tp-linknc250_firmware
1.0.8:160108
tp-linknc250_firmware
1.0.10:160321
tp-linknc250_firmware
1.2.1:170515
tp-linknc250_firmware
1.3.0:200304
tp-linknc260_firmware
1.0.5:160804
tp-linknc260_firmware
1.0.6:161114
tp-linknc260_firmware
1.4.1:180720
tp-linknc260_firmware
1.5.0:181123
tp-linknc260_firmware
1.5.2:200304
tp-linknc450_firmware
1.0.15:160920
tp-linknc450_firmware
1.1.2:161013
tp-linknc450_firmware
1.3.4:171130
tp-linknc450_firmware
1.5.3:200304
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/157532/TP-LINK-Cloud-Cameras-NCXXX-Hardcoded-Encryption-Key.html
https://seclists.org/fulldisclosure/2020/May/3
http://packetstormsecurity.com/files/157532/TP-LINK-Cloud-Cameras-NCXXX-Hardcoded-Encryption-Key.html
https://seclists.org/fulldisclosure/2020/May/3