VAR-202005-0328
Vulnerability from variot - Updated: 2023-12-18 13:37Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. plural TP-Link On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TP-LINK is a brand owned by Pulian Technology Co., Ltd., established in 1996, is specialized in network and communication terminal
The industry's mainstream manufacturers of R&D, manufacturing and marketing of terminal equipment.
The TP-LINK Cloud Cameras NCXXX series has an authorized RCE vulnerability. An attacker can use this vulnerability to use the default credentials admin:admin to execute arbitrary commands as root
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0328",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nc250",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": "1.2.1"
},
{
"model": "nc200",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": "2.1.6"
},
{
"model": "nc260",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": "1.0.6"
},
{
"model": "nc230",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": "1.2.1"
},
{
"model": "nc220",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": "1.3.0"
},
{
"model": "nc210",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": "1.0.4"
},
{
"model": "nc260",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": "1.5.2"
},
{
"model": "nc210",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": "1.0.3"
},
{
"model": "nc220",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": "1.2.0"
},
{
"model": "nc260",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": "1.4.1"
},
{
"model": "nc450",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": "1.3.4"
},
{
"model": "nc200",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": "2.1.9"
},
{
"model": "nc250",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": "1.3.0"
},
{
"model": "nc250",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": "1.0.10"
},
{
"model": "nc260",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": "1.0.5"
},
{
"model": "nc250",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": "1.0.8"
},
{
"model": "nc260",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": "1.5.0"
},
{
"model": "nc450",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": "1.0.15"
},
{
"model": "nc210",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": "1.0.9"
},
{
"model": "nc230",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": "1.0.3"
},
{
"model": "nc230",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": "1.3.0"
},
{
"model": "nc450",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": "1.1.2"
},
{
"model": "nc450",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": "1.5.3"
},
{
"model": "nc200",
"scope": "eq",
"trust": 0.8,
"vendor": "tp link",
"version": "2.1.9 build 200225"
},
{
"model": "nc210",
"scope": "eq",
"trust": 0.8,
"vendor": "tp link",
"version": "1.0.9 build 200304"
},
{
"model": "nc220",
"scope": "eq",
"trust": 0.8,
"vendor": "tp link",
"version": "1.3.0 build 200304"
},
{
"model": "nc230",
"scope": "eq",
"trust": 0.8,
"vendor": "tp link",
"version": "1.3.0 build 200304"
},
{
"model": "nc250",
"scope": "eq",
"trust": 0.8,
"vendor": "tp link",
"version": "1.3.0 build 200304"
},
{
"model": "nc260",
"scope": "eq",
"trust": 0.8,
"vendor": "tp link",
"version": "1.5.2 build 200304"
},
{
"model": "nc450",
"scope": "eq",
"trust": 0.8,
"vendor": "tp link",
"version": "1.5.3 build 200304"
},
{
"model": "cloud cameras nc200 build",
"scope": "lte",
"trust": 0.6,
"vendor": "tp link",
"version": "\u003c=2.1.9200225"
},
{
"model": "cloud cameras nc210 build",
"scope": "lte",
"trust": 0.6,
"vendor": "tp link",
"version": "\u003c=1.0.9200304"
},
{
"model": "cloud cameras nc220 build",
"scope": "lte",
"trust": 0.6,
"vendor": "tp link",
"version": "\u003c=1.3.0200304"
},
{
"model": "cloud cameras nc230 build",
"scope": "lte",
"trust": 0.6,
"vendor": "tp link",
"version": "\u003c=1.3.0200304"
},
{
"model": "cloud cameras nc250 build",
"scope": "lte",
"trust": 0.6,
"vendor": "tp link",
"version": "\u003c=1.3.0200304"
},
{
"model": "cloud cameras nc260 build",
"scope": "lte",
"trust": 0.6,
"vendor": "tp link",
"version": "\u003c=1.5.2200304"
},
{
"model": "cloud cameras nc450 build",
"scope": "lte",
"trust": 0.6,
"vendor": "tp link",
"version": "\u003c=1.5.3200304"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-26465"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005124"
},
{
"db": "NVD",
"id": "CVE-2020-12109"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tp-link:nc200_firmware:2.1.6:160108_b:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:tp-link:nc200_firmware:2.1.9:200225:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tp-link:nc200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tp-link:nc210_firmware:1.0.3:160229:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:tp-link:nc210_firmware:1.0.4:160412:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:tp-link:nc210_firmware:1.0.9:200304:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tp-link:nc210:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tp-link:nc220_firmware:1.2.0:170516:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:tp-link:nc220_firmware:1.3.0:200304:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:tp-link:nc220_firmware:1.3.0:180105:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tp-link:nc220:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tp-link:nc230_firmware:1.0.3:160108:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:tp-link:nc230_firmware:1.2.1:170515:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:tp-link:nc230_firmware:1.3.0:200304:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tp-link:nc230:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tp-link:nc250_firmware:1.0.8:160108:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:tp-link:nc250_firmware:1.0.10:160321:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:tp-link:nc250_firmware:1.2.1:170515:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:tp-link:nc250_firmware:1.3.0:200304:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tp-link:nc250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tp-link:nc260_firmware:1.0.5:160804:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:tp-link:nc260_firmware:1.0.6:161114:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:tp-link:nc260_firmware:1.4.1:180720:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:tp-link:nc260_firmware:1.5.0:181123:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:tp-link:nc260_firmware:1.5.2:200304:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tp-link:nc260:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tp-link:nc450_firmware:1.0.15:160920:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:tp-link:nc450_firmware:1.1.2:161013:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:tp-link:nc450_firmware:1.3.4:171130:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:tp-link:nc450_firmware:1.5.3:200304:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tp-link:nc450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12109"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pietro Oliva",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-007"
}
],
"trust": 0.6
},
"cve": "CVE-2020-12109",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-005124",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-26465",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-12109",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005124",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-12109",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-005124",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-26465",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-007",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-12109",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-26465"
},
{
"db": "VULMON",
"id": "CVE-2020-12109"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005124"
},
{
"db": "NVD",
"id": "CVE-2020-12109"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-007"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. plural TP-Link On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TP-LINK is a brand owned by Pulian Technology Co., Ltd., established in 1996, is specialized in network and communication terminal\r\n\r\nThe industry\u0027s mainstream manufacturers of R\u0026D, manufacturing and marketing of terminal equipment. \n\r\n\r\nThe TP-LINK Cloud Cameras NCXXX series has an authorized RCE vulnerability. An attacker can use this vulnerability to use the default credentials admin:admin to execute arbitrary commands as root",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12109"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005124"
},
{
"db": "CNVD",
"id": "CNVD-2020-26465"
},
{
"db": "VULMON",
"id": "CVE-2020-12109"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12109",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "157531",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "159222",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005124",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-26465",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202005-007",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-12109",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-26465"
},
{
"db": "VULMON",
"id": "CVE-2020-12109"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005124"
},
{
"db": "NVD",
"id": "CVE-2020-12109"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-007"
}
]
},
"id": "VAR-202005-0328",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-26465"
}
],
"trust": 1.4820512839999997
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-26465"
}
]
},
"last_update_date": "2023-12-18T13:37:48.817000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory",
"trust": 0.8,
"url": "https://www.tp-link.com/us/press/security-advisory/"
},
{
"title": "Patch for TP-LINK Cloud Cameras NCXXX series authorized RCE vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/216249"
},
{
"title": "Multiple TP-Link Product operating system command injection vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=118600"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2020-12109 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-26465"
},
{
"db": "VULMON",
"id": "CVE-2020-12109"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005124"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-007"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005124"
},
{
"db": "NVD",
"id": "CVE-2020-12109"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://packetstormsecurity.com/files/157531/tp-link-cloud-cameras-ncxxx-bonjour-command-injection.html"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/159222/tp-link-cloud-cameras-ncxxx-bonjour-command-injection.html"
},
{
"trust": 1.7,
"url": "https://seclists.org/fulldisclosure/2020/may/2"
},
{
"trust": 1.7,
"url": "https://www.tp-link.com/us/security"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12109"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12109"
},
{
"trust": 0.6,
"url": "https://www.tp-link.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2020-12109"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-26465"
},
{
"db": "VULMON",
"id": "CVE-2020-12109"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005124"
},
{
"db": "NVD",
"id": "CVE-2020-12109"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-007"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-26465"
},
{
"db": "VULMON",
"id": "CVE-2020-12109"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005124"
},
{
"db": "NVD",
"id": "CVE-2020-12109"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-007"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-26465"
},
{
"date": "2020-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12109"
},
{
"date": "2020-06-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005124"
},
{
"date": "2020-05-04T16:15:12.087000",
"db": "NVD",
"id": "CVE-2020-12109"
},
{
"date": "2020-05-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-007"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-26465"
},
{
"date": "2023-01-20T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12109"
},
{
"date": "2020-06-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005124"
},
{
"date": "2023-01-20T18:24:43.487000",
"db": "NVD",
"id": "CVE-2020-12109"
},
{
"date": "2020-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-007"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-007"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural TP-Link On the device OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005124"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-007"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…