PT-2023-6702 · Tp Link · Tp-Link Tapo C100

Aden Yap

Publicado

2023-06-01

Atualizado

2023-11-08

CVE-2023-39610

CVSS v3.1

6.5

Média

Vetor

AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions TP-Link Tapo C100 versions 1.1.15 Build 211130 Rel.15378n(4555) and before

Description The issue is related to the HTTP service of the TP-Link Tapo C100 IP camera's firmware, specifically with the handling of CRLF sequences in HTTP headers. This can be exploited by an attacker to cause a Denial of Service (DoS) via crafted web requests.

Recommendations For TP-Link Tapo C100 versions 1.1.15 Build 211130 Rel.15378n(4555) and before, consider disabling the HTTP service until a patch is available to prevent potential Denial of Service (DoS) attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Resource Exhaustion

Improper Resource Release

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400CWE-113CWE-404

Identificadores relacionados

BDU:2023-07473

CVE-2023-39610

Produtos afetados

Tp-Link Tapo C100

PT-2023-6702 · Tp Link · Tp-Link Tapo C100

CVE-2023-39610

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10