CVE-2023-49515

Severity Score

4.6

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components.

La vulnerabilidad de permisos inseguros en TP Link TC70 y C200 WIFI Camera v.3 firmware v.1.3.4 y corregida en v.1.3.11 permite a un atacante físicamente cercano obtener información confidencial a través de una conexión a los componentes del pin UART.

*Credits: N/A

CVSS Scores

NISTv3.1 4.6

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

Poc

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-11-27 CVE Reserved
2024-01-17 CVE Published
2024-07-24 EPSS Updated
2024-08-02 CVE Updated
2024-08-02 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-922: Insecure Storage of Sensitive Information

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC
https://github.com/VineethKumarM/TAPO-TC70-Unauthorized-root-access-using-UART	2024-08-02
https://github.com/VineethKumarM/TAPO-TC70-Unauthorized-root-access-using-UART/tree/master	2024-08-02

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Tp-link Search vendor "Tp-link"	Tapo C200 Firmware Search vendor "Tp-link" for product "Tapo C200 Firmware"	1.1.22 Search vendor "Tp-link" for product "Tapo C200 Firmware" and version "1.1.22"	-	Affected	in	Tp-link Search vendor "Tp-link"	Tapo C200 Search vendor "Tp-link" for product "Tapo C200"	3 Search vendor "Tp-link" for product "Tapo C200" and version "3"	-	Safe
Tp-link Search vendor "Tp-link"	Tapo C200 Firmware Search vendor "Tp-link" for product "Tapo C200 Firmware"	1.3.4 Search vendor "Tp-link" for product "Tapo C200 Firmware" and version "1.3.4"	-	Affected	in	Tp-link Search vendor "Tp-link"	Tapo C200 Search vendor "Tp-link" for product "Tapo C200"	3 Search vendor "Tp-link" for product "Tapo C200" and version "3"	-	Safe
Tp-link Search vendor "Tp-link"	Tapo C200 Firmware Search vendor "Tp-link" for product "Tapo C200 Firmware"	1.3.9 Search vendor "Tp-link" for product "Tapo C200 Firmware" and version "1.3.9"	-	Affected	in	Tp-link Search vendor "Tp-link"	Tapo C200 Search vendor "Tp-link" for product "Tapo C200"	3 Search vendor "Tp-link" for product "Tapo C200" and version "3"	-	Safe
Tp-link Search vendor "Tp-link"	Tapo Tc70 Firmware Search vendor "Tp-link" for product "Tapo Tc70 Firmware"	1.1.22 Search vendor "Tp-link" for product "Tapo Tc70 Firmware" and version "1.1.22"	-	Affected	in	Tp-link Search vendor "Tp-link"	Tapo Tc70 Search vendor "Tp-link" for product "Tapo Tc70"	3.0 Search vendor "Tp-link" for product "Tapo Tc70" and version "3.0"	-	Safe
Tp-link Search vendor "Tp-link"	Tapo Tc70 Firmware Search vendor "Tp-link" for product "Tapo Tc70 Firmware"	1.3.4 Search vendor "Tp-link" for product "Tapo Tc70 Firmware" and version "1.3.4"	-	Affected	in	Tp-link Search vendor "Tp-link"	Tapo Tc70 Search vendor "Tp-link" for product "Tapo Tc70"	3.0 Search vendor "Tp-link" for product "Tapo Tc70" and version "3.0"	-	Safe
Tp-link Search vendor "Tp-link"	Tapo Tc70 Firmware Search vendor "Tp-link" for product "Tapo Tc70 Firmware"	1.3.9 Search vendor "Tp-link" for product "Tapo Tc70 Firmware" and version "1.3.9"	-	Affected	in	Tp-link Search vendor "Tp-link"	Tapo Tc70 Search vendor "Tp-link" for product "Tapo Tc70"	3.0 Search vendor "Tp-link" for product "Tapo Tc70" and version "3.0"	-	Safe