CVE-2021-4045

TP-LINK Tapo C200 remote code execution vulnerability

CVSS 9.8 CRITICALEPSS 72.8%CWE-77

TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

TP-Link · Tapo C200

PoCs públicas encontradas — 8

githubgithub.com/hacefresko/CVE-2021-4045★ 112 githubgithub.com/0xbinder/CVE-2021-4045★ 8 githubgithub.com/jeffbezosispogg/CVE-2021-4045★ 1 githubgithub.com/DorskFR/tapodate★ 1 githubgithub.com/234329a423853/CVE-2021-4045★ 1 githubgithub.com/kaleth4/CVE-2021-4045★ 0 exploitdbwww.exploit-db.com/exploits/51017não verificado cve_referencepacketstormsecurity.com/files/168472/TP-Link-Tapo-c200-1.1.15-Remote-Code-Execution.htmlnão verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://packetstormsecurity.com/files/168472/TP-Link-Tapo-c200-1.1.15-Remote-Code-Execution.html https://www.incibe-cert.es/en/early-warning/security-advisories/tp-link-tapo-c200-remote-code-execution-vulnerability