TP-LINK Tapo C200 remote code execution vulnerability
CVE-2021-4045

9.8CRITICAL

Key Information:

Vendor

Tp-link
Status
Tapo C200
Vendor
CVE Published:
10 March 2022

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 88%

What is CVE-2021-4045?

TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Tapo C200 1.15

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-4045-PoC
Created by hacefresko

CVE-2021-4045
Created by pl4int3xt

tapodate
Created by DorskFR

References

https://www.incibe-cert.es/en/early-warning/security-advi...
x_refsource_CONFIRM
http://packetstormsecurity.com/files/168472/TP-Link-Tapo-...
x_refsource_MISC

EPSS Score

88% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Víctor Fresco Perales
JSON
.