CVSS: 4.6EPSS: 0%CPEs: 8EXPL: 2CVE-2023-49515
https://notcve.org/view.php?id=CVE-2023-49515
Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components. La vulnerabilidad de permisos inseguros en TP Link TC70 y C200 WIFI Camera v.3 firmware v.1.3.4 y corregida en v.1.3.11 permite a un atacante físicamente cercano obtener información confidencial a través de una conexión a los componentes del pin UART. • https://github.com/VineethKumarM/TAPO-TC70-Unauthorized-root-access-using-UART https://github.com/VineethKumarM/TAPO-TC70-Unauthorized-root-access-using-UART/tree/master • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 1CVE-2023-27126
https://notcve.org/view.php?id=CVE-2023-27126
The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim. • http://tapo.com http://tp-link.com https://www.claranet.fr/blog/dans-les-entrailles-dune-camera-connectee-tp-link-14 • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.3EPSS: 0%CPEs: 30EXPL: 0CVE-2020-11445
https://notcve.org/view.php?id=CVE-2020-11445
TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855. Las cámaras cloud de TP-Link hasta el 09-02-2020, permiten a atacantes remotos omitir la autenticación y conseguir información confidencial por medio de vectores que involucran una sesión Wi-Fi con GPS habilitado, también se conoce como CNVD-2020-04855. • https://www.cnvd.org.cn/flaw/show/1916613 •