| Vulnerability Name: | CVE-2021-4045 (CCN-221934) | ||||||||||||
| Assigned: | 2021-12-02 | ||||||||||||
| Published: | 2022-02-11 | ||||||||||||
| Updated: | 2022-09-30 | ||||||||||||
| Summary: | TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera. | ||||||||||||
| CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 8.9 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R)
8.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R)
| ||||||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-77 | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2021-4045 Source: MISC Type: Exploit, Third Party Advisory, VDB Entry http://packetstormsecurity.com/files/168472/TP-Link-Tapo-c200-1.1.15-Remote-Code-Execution.html Source: XF Type: UNKNOWN tplink-cve20214045-code-exec(221934) Source: CCN Type: Packet Storm Security [09-23-2022] TP-Link Tapo c200 1.1.15 Remote Code Execution Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [09-23-2022] Source: CCN Type: INCIBE-CERT Web site TP-LINK Tapo C200 remote code execution vulnerability Source: CONFIRM Type: Third Party Advisory https://www.incibe-cert.es/en/early-warning/security-advisories/tp-link-tapo-c200-remote-code-execution-vulnerability Source: CCN Type: TP-Link Web site TP-LINK Tapo C200 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||