23 matches found
EUVD-2020-5494
Malware in sbrugna...
TP-LINK Cloud Cameras NCXXX CVE-2020-13224 - Stack Overflow
CVE-2020-13224 TP-LINK Cloud Cameras NCXXX suffer from a DelMultiUser stack overflow vulnerability. Vulnerability title: TP-LINK Cloud Cameras NCXXX DelMultiUser Stack Overflow Author: Pietro Oliva CVE: CVE-2020-13224 Vendor: TP-LINK Product: NC200, NC210, NC220, NC230, NC250, NC260, NC450 Affect...
CVE-2020-13224
TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build200401, and NC450 devices through 1.5.4 buil...
CVE-2020-13224
CVE-2020-13224 affects TP-Link NC-series cloud cameras (NC200, NC210, NC220, NC230, NC250, NC260, NC450). The issue is a buffer/stack overflow in the httpDelMultiUserRpm path used when deleting multiple users via /delmultiuser.fcgi, in the ipcamera binary. The root cause is improper handling of a...
TP-LINK Cloud Cameras NCXXX Stack Overflow Vulnerability
Exploit for hardware platform in category web applications Vulnerability title: TP-LINK Cloud Cameras NCXXX DelMultiUser Stack Overflow Author: Pietro Oliva CVE: CVE-2020-13224 Vendor: TP-LINK Product: NC200, NC210, NC220, NC230, NC250, NC260, NC450 Affected versions: NC200 = 2.1.10 build 200401,...
TP-LINK Cloud Cameras NCXXX Hardcoded Encryption Key Vulnerability
TP-LINK Cloud Cameras including products NC200, NC210, NC220, NC230, NC250, NC260, and NC450 suffer from having a hardcoded encryption key. The issue is located in the methods swSystemBackup and sym.swSystemRestoreFile, where a hardcoded encryption key is used in order to encrypt/decrypt a config...
TP-LINK Cloud Cameras NCXXX Bonjour Command Injection Vulnerability
TP-LINK Cloud Cameras including products NC200, NC210, NC220, NC230, NC250, NC260, and NC450 suffer from a command injection vulnerability. The issue is located in the swSystemSetProductAliasCheck method of the ipcamera binary Called when setting a new alias for the device via /setsysname.fcgi,...
CVE-2020-12109
Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304...
Command injection
Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304...
CVE-2020-12109
Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304...
CVE-2020-12109
TP-Link Cloud Cameras NCXXX series (NC200/NC210/NC220/NC230/NC250/NC260/NC450) are affected by CVE-2020-12109. An authenticated command-injection weakness exists in the NCXXX line, where the system name (used in shell commands) can be leveraged via swBonjourStartHTTP to execute arbitrary commands...
CVE-2020-12110
Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304...
CVE-2020-12110
Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304...
Hardcoded credentials
Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304...
CVE-2020-12110
Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304...
CVE-2020-12110
TP-Link NCXXX Cloud Cameras (NC200, NC210, NC220, NC230, NC250, NC260, NC450) are affected by a hardcoded encryption key used to encrypt/decrypt config backups. The issue arises in swSystemBackup/swSystemRestoreFile using DES-ECB with modified s-boxes/permutation tables, enabling potential compro...
PT-2020-13040 · Tp Link · Nc210 +6
Name of the Vulnerable Software and Affected Versions: TP-Link NC200 version 2.1.9 build 200225 TP-Link NC210 version 1.0.9 build 200304 TP-Link NC220 version 1.3.0 build 200304 TP-Link NC230 version 1.3.0 build 200304 TP-Link NC250 version 1.3.0 build 200304 TP-Link NC260 version 1.5.2 build...
CVE-2020-10231
TP-Link NC200 through 2.1.8Build171109, NC210 through 1.0.9Build171214, NC220 through 1.3.0Build180105, NC230 through 1.3.0Build171205, NC250 through 1.3.0Build171205, NC260 through 1.5.1Build190805, and NC450 through 1.5.0Build181022 devices allow a remote NULL Pointer Dereference...
Null pointer dereference
TP-Link NC200 through 2.1.8Build171109, NC210 through 1.0.9Build171214, NC220 through 1.3.0Build180105, NC230 through 1.3.0Build171205, NC250 through 1.3.0Build171205, NC260 through 1.5.1Build190805, and NC450 through 1.5.0Build181022 devices allow a remote NULL Pointer Dereference...
CVE-2020-10231
CVE-2020-10231 affects TP-Link NC200/NC210/NC220/NC230/NC250/NC260/NC450 cameras. The vulnerability resides in the httpLoginRpm path (login.fcgi) of the ipcamera binary: after a successful login, the code does not validate the return value of httpGetEnv(environment, "HTTP_USER_AGENT"), and if the...