// For flags

CVE-2020-12109

TP-Link Cloud Cameras NCXXX Bonjour Command Injection

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.

Ciertos dispositivos TP-Link permiten una inyección de comandos. Esto afecta a NC200 versión 2.1.9 build 200225, NC210 versión 1.0.9 build 200304, NC220 versión 1.3.0 build 200304, NC230 versión 1.3.0 build 200304, NC250 versión 1.3.0 build 200304, NC260 versión 1.5.2 build 200304, y NC450 versión 1.5.3 build 200304.

TP-LINK Cloud Cameras including products NC200, NC210, NC220, NC230, NC250, NC260, and NC450 suffer from a command injection vulnerability. The issue is located in the swSystemSetProductAliasCheck method of the ipcamera binary (Called when setting a new alias for the device via /setsysname.fcgi), where despite a check on the name length, no other checks are in place in order to prevent shell metacharacters from being introduced. The system name would then be used in swBonjourStartHTTP as part of a shell command where arbitrary commands could be injected and executed as root.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-04-23 CVE Reserved
  • 2020-05-01 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • 2024-10-31 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Tp-link
Search vendor "Tp-link"
Nc200 Firmware
Search vendor "Tp-link" for product "Nc200 Firmware"
2.1.6
Search vendor "Tp-link" for product "Nc200 Firmware" and version "2.1.6"
160108_b
Affected
in Tp-link
Search vendor "Tp-link"
Nc200
Search vendor "Tp-link" for product "Nc200"
--
Safe
Tp-link
Search vendor "Tp-link"
Nc200 Firmware
Search vendor "Tp-link" for product "Nc200 Firmware"
2.1.9
Search vendor "Tp-link" for product "Nc200 Firmware" and version "2.1.9"
200225
Affected
in Tp-link
Search vendor "Tp-link"
Nc200
Search vendor "Tp-link" for product "Nc200"
--
Safe
Tp-link
Search vendor "Tp-link"
Nc210 Firmware
Search vendor "Tp-link" for product "Nc210 Firmware"
1.0.3
Search vendor "Tp-link" for product "Nc210 Firmware" and version "1.0.3"
160229
Affected
in Tp-link
Search vendor "Tp-link"
Nc210
Search vendor "Tp-link" for product "Nc210"
--
Safe
Tp-link
Search vendor "Tp-link"
Nc210 Firmware
Search vendor "Tp-link" for product "Nc210 Firmware"
1.0.4
Search vendor "Tp-link" for product "Nc210 Firmware" and version "1.0.4"
160412
Affected
in Tp-link
Search vendor "Tp-link"
Nc210
Search vendor "Tp-link" for product "Nc210"
--
Safe
Tp-link
Search vendor "Tp-link"
Nc210 Firmware
Search vendor "Tp-link" for product "Nc210 Firmware"
1.0.9
Search vendor "Tp-link" for product "Nc210 Firmware" and version "1.0.9"
200304
Affected
in Tp-link
Search vendor "Tp-link"
Nc210
Search vendor "Tp-link" for product "Nc210"
--
Safe
Tp-link
Search vendor "Tp-link"
Nc220 Firmware
Search vendor "Tp-link" for product "Nc220 Firmware"
1.2.0
Search vendor "Tp-link" for product "Nc220 Firmware" and version "1.2.0"
170516
Affected
in Tp-link
Search vendor "Tp-link"
Nc220
Search vendor "Tp-link" for product "Nc220"
--
Safe
Tp-link
Search vendor "Tp-link"
Nc220 Firmware
Search vendor "Tp-link" for product "Nc220 Firmware"
1.3.0
Search vendor "Tp-link" for product "Nc220 Firmware" and version "1.3.0"
180105
Affected
in Tp-link
Search vendor "Tp-link"
Nc220
Search vendor "Tp-link" for product "Nc220"
--
Safe
Tp-link
Search vendor "Tp-link"
Nc220 Firmware
Search vendor "Tp-link" for product "Nc220 Firmware"
1.3.0
Search vendor "Tp-link" for product "Nc220 Firmware" and version "1.3.0"
200304
Affected
in Tp-link
Search vendor "Tp-link"
Nc220
Search vendor "Tp-link" for product "Nc220"
--
Safe
Tp-link
Search vendor "Tp-link"
Nc230 Firmware
Search vendor "Tp-link" for product "Nc230 Firmware"
1.0.3
Search vendor "Tp-link" for product "Nc230 Firmware" and version "1.0.3"
160108
Affected
in Tp-link
Search vendor "Tp-link"
Nc230
Search vendor "Tp-link" for product "Nc230"
--
Safe
Tp-link
Search vendor "Tp-link"
Nc230 Firmware
Search vendor "Tp-link" for product "Nc230 Firmware"
1.2.1
Search vendor "Tp-link" for product "Nc230 Firmware" and version "1.2.1"
170515
Affected
in Tp-link
Search vendor "Tp-link"
Nc230
Search vendor "Tp-link" for product "Nc230"
--
Safe
Tp-link
Search vendor "Tp-link"
Nc230 Firmware
Search vendor "Tp-link" for product "Nc230 Firmware"
1.3.0
Search vendor "Tp-link" for product "Nc230 Firmware" and version "1.3.0"
200304
Affected
in Tp-link
Search vendor "Tp-link"
Nc230
Search vendor "Tp-link" for product "Nc230"
--
Safe
Tp-link
Search vendor "Tp-link"
Nc250 Firmware
Search vendor "Tp-link" for product "Nc250 Firmware"
1.0.8
Search vendor "Tp-link" for product "Nc250 Firmware" and version "1.0.8"
160108
Affected
in Tp-link
Search vendor "Tp-link"
Nc250
Search vendor "Tp-link" for product "Nc250"
--
Safe
Tp-link
Search vendor "Tp-link"
Nc250 Firmware
Search vendor "Tp-link" for product "Nc250 Firmware"
1.0.10
Search vendor "Tp-link" for product "Nc250 Firmware" and version "1.0.10"
160321
Affected
in Tp-link
Search vendor "Tp-link"
Nc250
Search vendor "Tp-link" for product "Nc250"
--
Safe
Tp-link
Search vendor "Tp-link"
Nc250 Firmware
Search vendor "Tp-link" for product "Nc250 Firmware"
1.2.1
Search vendor "Tp-link" for product "Nc250 Firmware" and version "1.2.1"
170515
Affected
in Tp-link
Search vendor "Tp-link"
Nc250
Search vendor "Tp-link" for product "Nc250"
--
Safe
Tp-link
Search vendor "Tp-link"
Nc250 Firmware
Search vendor "Tp-link" for product "Nc250 Firmware"
1.3.0
Search vendor "Tp-link" for product "Nc250 Firmware" and version "1.3.0"
200304
Affected
in Tp-link
Search vendor "Tp-link"
Nc250
Search vendor "Tp-link" for product "Nc250"
--
Safe
Tp-link
Search vendor "Tp-link"
Nc260 Firmware
Search vendor "Tp-link" for product "Nc260 Firmware"
1.0.5
Search vendor "Tp-link" for product "Nc260 Firmware" and version "1.0.5"
160804
Affected
in Tp-link
Search vendor "Tp-link"
Nc260
Search vendor "Tp-link" for product "Nc260"
--
Safe
Tp-link
Search vendor "Tp-link"
Nc260 Firmware
Search vendor "Tp-link" for product "Nc260 Firmware"
1.0.6
Search vendor "Tp-link" for product "Nc260 Firmware" and version "1.0.6"
161114
Affected
in Tp-link
Search vendor "Tp-link"
Nc260
Search vendor "Tp-link" for product "Nc260"
--
Safe
Tp-link
Search vendor "Tp-link"
Nc260 Firmware
Search vendor "Tp-link" for product "Nc260 Firmware"
1.4.1
Search vendor "Tp-link" for product "Nc260 Firmware" and version "1.4.1"
180720
Affected
in Tp-link
Search vendor "Tp-link"
Nc260
Search vendor "Tp-link" for product "Nc260"
--
Safe
Tp-link
Search vendor "Tp-link"
Nc260 Firmware
Search vendor "Tp-link" for product "Nc260 Firmware"
1.5.0
Search vendor "Tp-link" for product "Nc260 Firmware" and version "1.5.0"
181123
Affected
in Tp-link
Search vendor "Tp-link"
Nc260
Search vendor "Tp-link" for product "Nc260"
--
Safe
Tp-link
Search vendor "Tp-link"
Nc260 Firmware
Search vendor "Tp-link" for product "Nc260 Firmware"
1.5.2
Search vendor "Tp-link" for product "Nc260 Firmware" and version "1.5.2"
200304
Affected
in Tp-link
Search vendor "Tp-link"
Nc260
Search vendor "Tp-link" for product "Nc260"
--
Safe
Tp-link
Search vendor "Tp-link"
Nc450 Firmware
Search vendor "Tp-link" for product "Nc450 Firmware"
1.0.15
Search vendor "Tp-link" for product "Nc450 Firmware" and version "1.0.15"
160920
Affected
in Tp-link
Search vendor "Tp-link"
Nc450
Search vendor "Tp-link" for product "Nc450"
--
Safe
Tp-link
Search vendor "Tp-link"
Nc450 Firmware
Search vendor "Tp-link" for product "Nc450 Firmware"
1.1.2
Search vendor "Tp-link" for product "Nc450 Firmware" and version "1.1.2"
161013
Affected
in Tp-link
Search vendor "Tp-link"
Nc450
Search vendor "Tp-link" for product "Nc450"
--
Safe
Tp-link
Search vendor "Tp-link"
Nc450 Firmware
Search vendor "Tp-link" for product "Nc450 Firmware"
1.3.4
Search vendor "Tp-link" for product "Nc450 Firmware" and version "1.3.4"
171130
Affected
in Tp-link
Search vendor "Tp-link"
Nc450
Search vendor "Tp-link" for product "Nc450"
--
Safe
Tp-link
Search vendor "Tp-link"
Nc450 Firmware
Search vendor "Tp-link" for product "Nc450 Firmware"
1.5.3
Search vendor "Tp-link" for product "Nc450 Firmware" and version "1.5.3"
200304
Affected
in Tp-link
Search vendor "Tp-link"
Nc450
Search vendor "Tp-link" for product "Nc450"
--
Safe