Vulnerability Name:

CVE-2020-13224 (CCN-183557)

Assigned:2020-05-02
Published:2020-05-02
Updated:2020-06-24
Summary:TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow
CVSS v3 Severity:8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-120
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2020-13224

Source: MISC
Type: Exploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/158115/TP-LINK-Cloud-Cameras-NCXXX-Stack-Overflow.html

Source: XF
Type: UNKNOWN
tplink-cve202013224-bo(183557)

Source: CCN
Type: Packet Storm Security [06-16-2020]
TP-LINK Cloud Cameras NCXXX Stack Overflow

Source: CCN
Type: Full-Disclosure Mailing List, Tue, 16 Jun 2020 18:01:36 +0200
TP-LINK Cloud Cameras NCXXX DelMultiUser Stack Overflow

Source: CCN
Type: TP-Link Web site
Stay Connected Even at Home Bridging social distance one product at a time

Source: MISC
Type: Vendor Advisory
https://www.tp-link.com/us/security

Vulnerable Configuration:Configuration 1:
  • cpe:/o:tp-link:nc200_firmware:*:*:*:*:*:*:*:* (Version <= 2.1.10)
  • AND
  • cpe:/h:tp-link:nc200:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:tp-link:nc210_firmware:*:*:*:*:*:*:*:* (Version <= 1.0.10)
  • AND
  • cpe:/h:tp-link:nc210:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:tp-link:nc220_firmware:*:*:*:*:*:*:*:* (Version <= 1.3.1)
  • AND
  • cpe:/h:tp-link:nc220:-:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:tp-link:nc230_firmware:*:*:*:*:*:*:*:* (Version <= 1.3.1)
  • AND
  • cpe:/h:tp-link:nc230:-:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/o:tp-link:nc250_firmware:*:*:*:*:*:*:*:* (Version <= 1.3.1)
  • AND
  • cpe:/h:tp-link:nc250:-:*:*:*:*:*:*:*

    • Configuration 6:
  • cpe:/o:tp-link:nc260_firmware:*:*:*:*:*:*:*:* (Version <= 1.5.3)
  • AND
  • cpe:/h:tp-link:nc260:-:*:*:*:*:*:*:*

    • Configuration 7:
  • cpe:/o:tp-link:nc450_firmware:*:*:*:*:*:*:*:* (Version <= 1.5.4)
  • AND
  • cpe:/h:tp-link:nc450:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    tp-link nc200 firmware *
    tp-link nc200 -
    tp-link nc210 firmware *
    tp-link nc210 -
    tp-link nc220 firmware *
    tp-link nc220 -
    tp-link nc230 firmware *
    tp-link nc230 -
    tp-link nc250 firmware *
    tp-link nc250 -
    tp-link nc260 firmware *
    tp-link nc260 -
    tp-link nc450 firmware *
    tp-link nc450 -