CVE-2020-12110 – TP-LINK Cloud Cameras NCXXX Hardcoded Encryption Key
https://notcve.org/view.php?id=CVE-2020-12110
Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. Determinados dispositivos TP-Link tienen una Clave de Cifrado Embebida. Esto afecta a NC200 versión 2.1.9 build 200225, N210 versión 1.0.9 build 200304, NC220 versión 1.3.0 build 200304, NC230 versión 1.3.0 build 200304, NC250 versión 1.3.0 build 200304, NC260 versión 1.5.2 build 200304, y NC450 versión 1.5.3 build 200304. TP-LINK Cloud Cameras including products NC200, NC210, NC220, NC230, NC250, NC260, and NC450 suffer from having a hardcoded encryption key. • http://packetstormsecurity.com/files/157532/TP-LINK-Cloud-Cameras-NCXXX-Hardcoded-Encryption-Key.html https://seclists.org/fulldisclosure/2020/May/3 • CWE-798: Use of Hard-coded Credentials •
CVE-2020-12109 – TP-Link Cloud Cameras NCXXX Bonjour Command Injection
https://notcve.org/view.php?id=CVE-2020-12109
Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. Ciertos dispositivos TP-Link permiten una inyección de comandos. Esto afecta a NC200 versión 2.1.9 build 200225, NC210 versión 1.0.9 build 200304, NC220 versión 1.3.0 build 200304, NC230 versión 1.3.0 build 200304, NC250 versión 1.3.0 build 200304, NC260 versión 1.5.2 build 200304, y NC450 versión 1.5.3 build 200304. TP-LINK Cloud Cameras including products NC200, NC210, NC220, NC230, NC250, NC260, and NC450 suffer from a command injection vulnerability. • http://packetstormsecurity.com/files/157531/TP-LINK-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html http://packetstormsecurity.com/files/159222/TP-Link-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html https://seclists.org/fulldisclosure/2020/May/2 https://www.tp-link.com/us/security • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2020-10916 – TP-Link TL-WA855RE login.json Improper Authentication Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-10916
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the first-time setup process. The issue results from the lack of proper validation on first-time setup requests. An attacker can leverage this vulnerability to reset the password for the Admin account and execute code in the context of the device. • https://www.zerodayinitiative.com/advisories/ZDI-20-553 • CWE-287: Improper Authentication •
CVE-2020-8423
https://notcve.org/view.php?id=CVE-2020-8423
A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the configuration of the Wi-Fi network. Un desbordamiento del búfer en el demonio httpd en los dispositivos TP-Link TL-WR841N versión V10 (versión de firmware 3.16.9), permite a un atacante remoto autenticado ejecutar código arbitrario por medio de una petición GET en la página para la configuración de la red Wi-Fi. • https://github.com/lnversed/CVE-2020-8423 https://ktln2.org/2020/03/29/exploiting-mips-router https://www.tp-link.com/us/security • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2020-10231
https://notcve.org/view.php?id=CVE-2020-10231
TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference. Los dispositivos TP-Link NC200 versiones hasta 2.1.8_Build_171109, NC210 versiones hasta 1.0.9_Build_171214, NC220 versiones hasta 1.3.0_Build_180105, NC230 versiones hasta 1.3.0_Build_171205, NC250 versiones hasta 1.3.0_Build_171205, NC260 versiones hasta 1.5.1_Build_190805, y NC450 versiones hasta 1.5.0_Build_181022, permiten una Desreferencia del Puntero NULL remota. • http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html http://seclists.org/fulldisclosure/2020/Apr/5 http://seclists.org/fulldisclosure/2020/Mar/54 • CWE-476: NULL Pointer Dereference •