TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/168472/TP-Link-Tapo-c200-1.1.15-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://www.incibe-cert.es/en/early-warning/security-advisories/tp-link-tapo-c200-remote-code-execution-vulnerability | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
30 Sep 2022, 14:46
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/168472/TP-Link-Tapo-c200-1.1.15-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry |
23 Sep 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Mar 2022, 17:56
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:tp-link:tapo_c200:-:*:*:*:*:*:*:* cpe:2.3:o:tp-link:tapo_c200_firmware:*:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://www.incibe-cert.es/en/early-warning/security-advisories/tp-link-tapo-c200-remote-code-execution-vulnerability - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
First Time |
Tp-link
Tp-link tapo C200 Firmware Tp-link tapo C200 |
|
CWE | CWE-77 |
10 Mar 2022, 17:54
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-10 17:44
Updated : 2023-12-10 14:22
NVD link : CVE-2021-4045
Mitre link : CVE-2021-4045
CVE.ORG link : CVE-2021-4045
JSON object : View
Products Affected
tp-link
- tapo_c200_firmware
- tapo_c200
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')