Authentication Bypass in TP-Link Cloud Cameras
CVE-2020-11445

5.3MEDIUM

Key Information:

Vendor: Tp-link
Status: Nc450 Firmware
Vendor: CVE Published:; 1 April 2020

Summary

TP-Link cloud cameras were found to have a vulnerability that allows remote attackers to bypass authentication mechanisms. This exploit can occur when a device is connected to a Wi-Fi session with GPS functionality enabled. Through this means, unauthorized users could potentially gain access to sensitive information stored on the camera, posing significant security risks for users relying on these devices for surveillance and monitoring. It is imperative for users to update their devices and adhere to security best practices to mitigate such vulnerabilities.

References

https://www.cnvd.org.cn/flaw/show/1916613

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 1, 2020
Vulnerability Reserved
Apr 1, 2020