CVE-2021-4045
TP-LINK Tapo C200 remote code execution vulnerability
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
5
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.
La cámara IP TP-Link Tapo C200, en su versión de firmware 1.1.15 y anteriores, está afectada por una vulnerabilidad RCE no autenticada, presente en el binario uhttpd que es ejecutado por fallo como root. La explotación de esta vulnerabilidad permite a un atacante tomar el control total de la cámara
TP-Link Tapo c200 version 1.1.15 suffers from a remote code execution vulnerability.
*Credits:
Víctor Fresco Perales
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-12-02 CVE Reserved
- 2022-03-07 CVE Published
- 2022-09-23 First Exploit
- 2024-05-05 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://www.incibe-cert.es/en/early-warning/security-advisories/tp-link-tapo-c200-remote-code-execution-vulnerability | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/51017 | 2022-09-23 | |
| https://github.com/hacefresko/CVE-2021-4045-PoC | 2023-01-01 | |
| https://github.com/pl4int3xt/CVE-2021-4045 | 2023-12-27 | |
| https://github.com/jeffbezosispogg/CVE-2021-4045 | 2022-10-08 | |
| http://packetstormsecurity.com/files/168472/TP-Link-Tapo-c200-1.1.15-Remote-Code-Execution.html | 2024-09-17 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tp-link Search vendor "Tp-link" | Tapo C200 Firmware Search vendor "Tp-link" for product "Tapo C200 Firmware" | <= 1.1.15 Search vendor "Tp-link" for product "Tapo C200 Firmware" and version " <= 1.1.15" | - |
Affected
| in | Tp-link Search vendor "Tp-link" | Tapo C200 Search vendor "Tp-link" for product "Tapo C200" | - | - |
Safe
|