CVE-2020-13224 – TP-LINK Cloud Cameras NCXXX Stack Overflow
https://notcve.org/view.php?id=CVE-2020-13224
TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow Dispositivos TP-LINK NC200 versiones hasta 2.1.10 build 200401, dispositivos NC210 versiones hasta 1.0.10 build 200401, dispositivos NC220 versiones hasta 1.3.1 build 200401, dispositivos NC230 versiones hasta 1.3.1 build 200401, dispositivos NC250 versiones hasta 1.3.1 build 200401, dispositivos NC260 versiones hasta 1.5.3 build_200401, y los dispositivos NC450 versiones hasta 1.5.4 build 200401, presentan un desbordamiento de búfer TP-LINK Cloud Cameras NCXXX suffer from a DelMultiUser stack overflow vulnerability. • http://packetstormsecurity.com/files/158115/TP-LINK-Cloud-Cameras-NCXXX-Stack-Overflow.html https://www.tp-link.com/us/security • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2020-10231
https://notcve.org/view.php?id=CVE-2020-10231
TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference. Los dispositivos TP-Link NC200 versiones hasta 2.1.8_Build_171109, NC210 versiones hasta 1.0.9_Build_171214, NC220 versiones hasta 1.3.0_Build_180105, NC230 versiones hasta 1.3.0_Build_171205, NC250 versiones hasta 1.3.0_Build_171205, NC260 versiones hasta 1.5.1_Build_190805, y NC450 versiones hasta 1.5.0_Build_181022, permiten una Desreferencia del Puntero NULL remota. • http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html http://seclists.org/fulldisclosure/2020/Apr/5 http://seclists.org/fulldisclosure/2020/Mar/54 • CWE-476: NULL Pointer Dereference •
CVE-2020-11445
https://notcve.org/view.php?id=CVE-2020-11445
TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855. Las cámaras cloud de TP-Link hasta el 09-02-2020, permiten a atacantes remotos omitir la autenticación y conseguir información confidencial por medio de vectores que involucran una sesión Wi-Fi con GPS habilitado, también se conoce como CNVD-2020-04855. • https://www.cnvd.org.cn/flaw/show/1916613 •