CVE-2021-4045

TP-LINK Tapo C200 remote code execution vulnerability

CVSS 9.8 CRITICALEPSS 72.8%CWE-77

TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

TP-Link · Tapo C200

PoCs públicas encontradas — 8

githubgithub.com/hacefresko/CVE-2021-4045★ 112 githubgithub.com/0xbinder/CVE-2021-4045★ 8 githubgithub.com/jeffbezosispogg/CVE-2021-4045★ 1 githubgithub.com/DorskFR/tapodate★ 1 githubgithub.com/234329a423853/CVE-2021-4045★ 1 githubgithub.com/kaleth4/CVE-2021-4045★ 0 exploitdbwww.exploit-db.com/exploits/51017no verificado cve_referencepacketstormsecurity.com/files/168472/TP-Link-Tapo-c200-1.1.15-Remote-Code-Execution.htmlno verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://packetstormsecurity.com/files/168472/TP-Link-Tapo-c200-1.1.15-Remote-Code-Execution.html https://www.incibe-cert.es/en/early-warning/security-advisories/tp-link-tapo-c200-remote-code-execution-vulnerability