Hardcoded Encryption Key Vulnerability in TP-Link Cloud Cameras
CVE-2020-12110

9.8CRITICAL

Key Information:

Vendor: Tp-link
Status: Nc200 Firmware
Vendor: CVE Published:; 4 May 2020

Summary

Certain TP-Link Cloud Cameras are affected by a vulnerability due to the presence of a hardcoded encryption key. This flaw can be exploited by attackers to gain unauthorized access to the devices. The devices impacted include NC200, N210, NC220, NC230, NC250, NC260, and NC450 models, running specific firmware builds. Ensuring that devices are updated and following best security practices is crucial in mitigating potential risks associated with this vulnerability.

References

https://seclists.org/fulldisclosure/2020/May/3

x_refsource_MISC

http://packetstormsecurity.com/files/157532/TP-LINK-Cloud...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 4, 2020
Vulnerability Reserved
Apr 23, 2020