NVD:CVE-2023-27126
History: Jun 06, 2023 - 6:15 p.m.

CVE-2023-27126

2023-06-06 18:15:10
CWE-522
web.nvd.nist.gov
cve-2023-27126
tp-link
camera vulnerability
data extraction
data decryption
wifi password
tp-link account

CVSS3: 4.6

Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 4.7
Confidence: High

EPSS: 0.001
Percentile: 31.3%

The AES key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wi-Fi password and the TP-Link account credentials of the victim.

Affected configurations

Nvd
Node
tp-link  tapo_c200           Match  3
AND
tp-link  tapo_c200_firmware  Match  1.2.2 build_220725

Vendor   Product             Version  CPE
tp-link  tapo_c200           3        cpe:2.3:h:tp-link:tapo_c200:3:*:*:*:*:*:*:*
tp-link  tapo_c200_firmware  1.2.2    cpe:2.3:o:tp-link:tapo_c200_firmware:1.2.2:build_220725:*:*:*:*:*:*
