PT-2020-13042 · Tp Link · Tp-Link Nc450+1

Pietro Oliva

Published

2020-05-04

Updated

2020-05-12

CVE-2020-12111

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions TP-Link NC260 version 1.5.2 build 200304 TP-Link NC450 version 1.5.3 build 200304

Description The issue allows Command Injection, which can be exploited by attackers. This affects certain TP-Link devices.

Recommendations For TP-Link NC260 version 1.5.2 build 200304, update to a newer version that contains a fix for this issue. For TP-Link NC450 version 1.5.3 build 200304, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the affected devices until a patch is available.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2020-12111

Affected Products

Tp-Link Nc260

Tp-Link Nc450

PT-2020-13042 · Tp Link · Tp-Link Nc450+1

CVE-2020-12111

Weakness Enumeration

Related Identifiers

Affected Products

References · 6