Vulnerability Description
TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Nc450 Firmware | <= 2020-02-09 |
| Tp-Link | Nc450 | - |
| Tp-Link | Nc260 Firmware | <= 2020-02-09 |
| Tp-Link | Nc260 | - |
| Tp-Link | Nc250 Firmware | <= 2020-02-09 |
| Tp-Link | Nc250 | - |
| Tp-Link | Nc230 Firmware | <= 2020-02-09 |
| Tp-Link | Nc230 | - |
| Tp-Link | Nc220 Firmware | <= 2020-02-09 |
| Tp-Link | Nc220 | - |
| Tp-Link | Nc210 Firmware | <= 2020-02-09 |
| Tp-Link | Nc210 | - |
| Tp-Link | Nc200 Firmware | <= 2020-02-09 |
| Tp-Link | Nc200 | - |
| Tp-Link | Kc300S2 Firmware | <= 2020-02-09 |
| Tp-Link | Kc300S2 | - |
| Tp-Link | Kc310S2 Firmware | <= 2020-02-09 |
| Tp-Link | Kc310S2 | - |
| Tp-Link | Kc200 Firmware | <= 2020-02-09 |
| Tp-Link | Kc200 | - |
References
- https://www.cnvd.org.cn/flaw/show/1916613Third Party Advisory
- https://www.cnvd.org.cn/flaw/show/1916613Third Party Advisory
FAQ
What is CVE-2020-11445?
CVE-2020-11445 is a vulnerability with a CVSS score of 5.3 (MEDIUM). TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855.
How severe is CVE-2020-11445?
CVE-2020-11445 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11445?
Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Nc450 Firmware, Tp-Link Nc450, Tp-Link Nc260 Firmware, Tp-Link Nc260, Tp-Link Nc250 Firmware.