PT-2022-2572 · TP-Link · TP-Link Tapo C200

Published 2022-03-07 · Updated 2022-12-08 · CVE-2021-4045

CVSS v3.1: 10 Critical (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Name of the Vulnerable Software and Affected Versions

TP-Link Tapo C200 version 1.1.15 and below

Description

An unauthenticated remote code execution (RCE) vulnerability exists in the uhttpd binary, which runs by default as root. The vulnerability is caused by a lack of input data sanitization. Exploiting it allows an attacker to gain full control of the camera.

Recommendations

For TP-Link Tapo C200 version 1.1.15 and below, there is currently no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2022-03016
CVE-2021-4045

Affected Products

TP-Link Tapo C200