Lucene search

PRIOn knowledge basePRION:CVE-2020-12110

HistoryMay 04, 2020 - 2:15 p.m.

Hardcoded credentials

2020-05-0414:15:00

PRIOn knowledge base

www.prio-n.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

59.5%

JSON

Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.

CPENameOperatorVersion
nc200_firmwareeq2.1.6 160108-b
nc200_firmwareeq2.1.9 200225
nc210_firmwareeq1.0.3 160229
nc210_firmwareeq1.0.4 160412
nc210_firmwareeq1.0.9 200304
nc220_firmwareeq1.2.0 170516
nc220_firmwareeq1.3.0 200304
nc220_firmwareeq1.3.0 180105
nc230_firmwareeq1.0.3 160108
nc230_firmwareeq1.2.1 170515

Name	Operator	Version
nc200_firmware	eq	2.1.6 160108-b
nc200_firmware	eq	2.1.9 200225
nc210_firmware	eq	1.0.3 160229
nc210_firmware	eq	1.0.4 160412
nc210_firmware	eq	1.0.9 200304
nc220_firmware	eq	1.2.0 170516
nc220_firmware	eq	1.3.0 200304
nc220_firmware	eq	1.3.0 180105
nc230_firmware	eq	1.0.3 160108
nc230_firmware	eq	1.2.1 170515

Rows per page:

1-10 of 241

References

packetstormsecurity.com/files/157532/TP-LINK-Cloud-Cameras-NCXXX-Hardcoded-Encryption-Key.html

seclists.org/fulldisclosure/2020/May/3

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

59.5%

JSON

Related for PRION:CVE-2020-12110