CVE-2021-4045

TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tp-link:tapo_c200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tapo_c200:-:*:*:*:*:*:*:*

History

30 Sep 2022, 14:46

Type Values Removed Values Added
References (MISC) http://packetstormsecurity.com/files/168472/TP-Link-Tapo-c200-1.1.15-Remote-Code-Execution.html - (MISC) http://packetstormsecurity.com/files/168472/TP-Link-Tapo-c200-1.1.15-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry

23 Sep 2022, 16:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/168472/TP-Link-Tapo-c200-1.1.15-Remote-Code-Execution.html -

15 Mar 2022, 17:56

Type Values Removed Values Added
CPE cpe:2.3:h:tp-link:tapo_c200:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:tapo_c200_firmware:*:*:*:*:*:*:*:*
References (CONFIRM) https://www.incibe-cert.es/en/early-warning/security-advisories/tp-link-tapo-c200-remote-code-execution-vulnerability - (CONFIRM) https://www.incibe-cert.es/en/early-warning/security-advisories/tp-link-tapo-c200-remote-code-execution-vulnerability - Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 10.0
v3 : 9.8
First Time Tp-link
Tp-link tapo C200 Firmware
Tp-link tapo C200
CWE CWE-77

10 Mar 2022, 17:54

Type Values Removed Values Added
New CVE

Information

Published : 2022-03-10 17:44

Updated : 2023-12-10 14:22


NVD link : CVE-2021-4045

Mitre link : CVE-2021-4045

CVE.ORG link : CVE-2021-4045


JSON object : View

Products Affected

tp-link

  • tapo_c200_firmware
  • tapo_c200
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')